Learn to set, change and remove account expiry dates from the command line to control temporary access quickly. 19.11.2025 | reading time: 2 min Account expiry is a simple lever for temporary access control; from single developers to large teams, knowing how to set and change expiry dates keeps systems tidy and secure. Quick hands-on demo Do this on a test host: create a temporary user, set an expiry, then verify it; copy and run the commands below exactly as shown to follow along. ```bash sudo useradd -m tempuser sudo usermod -e 2025-12-31 tempuser sudo chage -l tempuser ``` Expected short output snippet after the last command: ```text Last password change : never Password expires : never Account expires : 2025-12-31 ``` To remove the expiry again run: ```bash sudo usermod -e "" tempuser sudo chage -l tempuser ``` What to tweak next Change an expiry with `usermod -e YYYY-MM-DD` or with `chage -E YYYY-MM-DD`; `chage` also offers `-M` (maximum age), `-W` (warning days) and `-I` (inactive days) to refine lifecycle policies, and `chage -l` lists the active rules so he can audit behavior quickly. When and why to use it Use expiry dates for contractors, temporary test accounts, scripted onboarding, and emergency fixes that must not persist; combining expiry with password policies and logging reduces attack surface and operational debt. Other useful commands Check password and account state with `passwd -S`, create accounts with `useradd -e` for immediate expiry, and edit shadow entries carefully with `vipw -s` when scripting bulk changes; always test on nonproduction users first. Final thought Expiry dates are a low-effort, high-impact control that every sysadmin should master; practice these commands and consider studying for certifications like CompTIA Linux+ or LPIC-1, and check bitsandbytes.academy for intensive exam preparation. Join Bits & Bytes Academy First class LINUX exam preparation. utilities security scripting
