Enforce password aging, warnings and account expiry using the chage command. 16.11.2025 | reading time: 3 min Want to force periodic password changes and automatic account expiry from the shell? The `chage` command edits a user s password-aging settings so you can require regular resets, warn users in advance and disable stale accounts. Hands-on example Scenario: the fictional "development" team needs user "devops" to change passwords every 90 days, get a 7-day warning, be marked inactive after 30 days of nonuse and have the account expire at the end of 2025; run the commands shown and then inspect the result as demonstrated below: ```sudo chage -M 90 -W 7 -I 30 -E 2025-12-31 devops``` ```sudo chage -l devops``` Typical output lines to check are: "Maximum number of days between password change : 90", "Number of days of warning before password expires : 7", "Password inactive : 30", "Account expires : Dec 31, 2025". Key flags to remember Use `-l` to list settings, `-M` for maximum password age, `-m` for minimum age, `-W` for warning days, `-I` for inactivity timeout, `-E` to set an account expiration date and `-d` to set the last password-change date; combine options to implement the exact lifecycle you need. Batching and automation Apply changes in scripts or from configuration management: loop over users in a CSV and call `chage` with sudo, or integrate with cron to audit settings; this is how administrators enforce policy at scale rather than relying on manual edits. Complementary commands While `chage` controls aging, use `passwd` to change passwords interactively, `usermod` to set simple expiry attributes like `-e`, and `chpasswd` for bulk password updates when provisioning accounts. Security notes chage modifies entries in the shadow password database, so always run with appropriate privileges and verify changes with `chage -l`; testing policies on a nonproduction user first prevents accidental lockouts. Next steps Now that you can enforce expiration, consider codifying policies in scripts and auditing regularly; dive deeper into PAM, shadow file format and automation to build robust identity hygiene and follow up with certification study if you want to formalize that knowledge. Join Bits & Bytes Academy First class LINUX exam preparation. security utilities scripting
