Setting expiry data on a per-account basis with chage
You would only use chage to modify existing accounts, and you would use it for setting either an account expiration or a password expiration. Here are the relevant option switches:
Option Explanation
-d If you use the -d 0 option on someone's account, you'll force the user to change his or her password on their next login.
-E This is equivalent to the lowercase -e for useradd or usermod. It sets the expiration date for the user account.
-I This is equivalent to -f for useradd or usermod. It sets the number of days before an account with an expired password will be locked out.
-m This sets the minimum number of days between password changes. In other words, if Charlie changes his password today, the -m 5 option will force him to wait five days before he can change his password again.
-M This sets the maximum number of days before a password expires. (Be aware, though, that if Charlie last set his password 89 days ago, using a -M 90 option on his account will cause his password to expire tomorrow, not 90 days from now.)
-W This will set the number of warning days for passwords that are about to expire.
You can set just one of these data items at a time or you can set them all at once. In fact, to avoid frustrating you with a different demo for each individual item, let's set them all at once, except for -d 0, and then we'll see what we've got:
sudo chage -E 2021-02-28 -I 4 -m 3 -M 90 -W 4 charlie
donnie@ubuntu-steemnode:~$ sudo chage -l charlie
Last password change : Oct 06, 2019
Password expires : Jan 04, 2020
Password inactive : Jan 08, 2020
Account expires : Feb 28, 2021
Minimum number of days between password change : 3
Maximum number of days between password change : 90
Number of days of warning before password expires : 4
donnie@ubuntu-steemnode:~$
All expiration data has now been set.
For our final example, let's say that you've just created a new account for Samson, and you want to force him to change his password the first time he logs in. There are two ways to do that. Either way, you would do it after you've set his password initially. For example, let's do this:
sudo chage -d 0 samson
or
sudo passwd -e samson
donnie@ubuntu-steemnode:~$ sudo chage -l samson
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
donnie@ubuntu-steemnode:~$
Next, we will go through a hands-on lab.