Turn Off Password Expiration for a User Account in RHEL

August 6, 2020

To ensure the security of the systems we need to apply the password policy for user accounts on a Linux system. If the policy is applied and applicable to all user accounts then users need to change their password periodically as per policy. But in some cases where users need to access the system through tools or software with a saved password. In this case, if the password expired then users will not be able to connect to the system using that tools or software.

So, for the above scenario, we can disable or turn off the password expiry of that particular user account by using the command chage.

Turn Off Password Expiration in RHEL

First, check the password ageing details of the user sftp_test using chage command

[user@dbappweb.com ~]$ sudo chage -l sftp_test
Last password change                                    : May 05, 2020
Password expires                                        : Aug 03, 2020
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 1
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 10

As you can see in the above details the password expiry was set for 90 days that’s why the user’s password expired after 90 days.

Use the below command to turn off the password expiration for user account sftp_test 

[user@dbappweb.com ~]$ sudo chage -M 99999 sftp_test

Now, you can see that Password expires has been set to never as shown below.

[user@dbappweb.com ~]$ sudo chage -l sftp_test
Last password change                                    : Aug 04, 2020
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 1
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 10

To set the password expiry, account expiry etc. use the command chage with the options, options details are given below.

[user@dbappweb.com ~]$ sudo chage 
Usage: chage [options] LOGIN

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

Last Updated: August 06, 2020

Related Posts

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.