This post was originally published on go2linux.org on October 4, 2008. The domain is no longer mine, but I am the original author. I am republishing it here on garron.me with corrections and improvements.
Introduction
chage (change age) manages password aging information for user accounts. As a system administrator, you can use it to enforce password rotation policies, lock accounts after inactivity, and force users to change their password on next login.
View current password aging info
sudo chage --list username
Example output:
Last password change : May 10, 2024
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between changes : 0
Maximum number of days between changes : 99999
Number of days of warning before expiry : 7
Set a maximum password age
Force a password change after 30 days:
sudo chage -M 30 username
After the next --list, the expiry date will be 30 days from the last password change:
Password expires : Jun 09, 2024
Maximum number of days between changes : 30
When the user logs in after expiry, the system forces them to choose a new password immediately.
Force an immediate password change
Set the last password change date to the epoch (day 0), which makes the password already expired:
sudo chage -d 0 username
The next time the user logs in they must change their password before they can proceed. This is the standard way to force a first-time password change on a new account.
An equivalent shortcut with passwd:
sudo passwd -e username
Set a warning period
Give users advance notice before their password expires. Here, warn 7 days before:
sudo chage -W 7 username
A warning period of at least 3–7 days is good practice — it gives users time to choose a strong password rather than typing the first thing they see.
Set a minimum days between changes
Prevent users from immediately changing back to their old password:
sudo chage -m 5 username
This requires at least 5 days between password changes.
Set an account expiry date
Lock an account on a specific date (useful for temporary or contractor accounts):
sudo chage -E 2024-12-31 username
To remove an expiry date:
sudo chage -E -1 username
Interactive mode
Running chage without flags opens an interactive prompt that walks through all settings:
sudo chage username
Quick reference
| Flag | Meaning |
|---|---|
| -l / --list | Show current aging info |
| -M days | Maximum days before password must change |
| -m days | Minimum days between changes |
| -W days | Days of warning before expiry |
| -d date | Set last password change date (0 = force change now) |
| -E date | Account expiry date (YYYY-MM-DD, or -1 to remove) |
| -I days | Days of inactivity after expiry before account is locked |