7th October 2022

Password Policies for Linux – Chage Command

Most Linux users regularly install security updates and run the latest versions, and as far as we know they are attentive and careful. That attention alone may not be enough: installing security updates does little if you do not also have a secure password policy, a set of rules applied equally to every user.

Most Linux distributions ship with default policies whose rules will not disturb the user during installation. Rules such as the obligation to change the password, the number of days after which it must be changed, or the number of days after which the account is locked if it is not changed have to be set afterwards.

Chage Command

If you want to make such settings, you can use the chage command. It is simple to use and helps a great deal in creating the password policies you choose. Its help output and man page show the available options and what you can do with them.

chage --help

man chage

chage -l username

If you run the command "chage -l username", you can see the password rules for the user you want. As seen in the report below, the password of the omer user will never expire, the account will not become inactive, and there will be no obligation to set a new password until 99999 days have passed after the password has been changed.


chage -M 89 username

This command sets a rule that the user you specify must change their password 90 days after the last password change.


Example Description of Options Used

You can see the explanations of the options used in the command as follows.

sudo chage -m 5 -M 90 -I 30 -W 14 username

-m 5: At least 5 days must pass after a password change before the password can be changed again.

-M 90: Once 90 days have passed since the password change, the user is obliged to change their password.

-I 30: If the user has not logged in for 30 days since the last login, the account is deactivated as a rule. If you will be away from your computer for a long time, we recommend using this option carefully.

-W 14: The user is warned starting 14 days before the password expires.
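
An added example (not from the original article) that checks "chage -l" output against the values used in the command above. The function name audit_chage and both sample outputs are constructed for illustration, and the field labels are assumed to be those shadow-utils prints in the English locale.

```sh
#!/bin/sh
# audit_chage USER: read `chage -l USER` output on stdin and print one line
# per setting weaker than the policy above (-m 5 -M 90 -W 14, -I set).
# Hypothetical helper; labels match shadow-utils output in the C/English locale.
audit_chage() {
    awk -v user="$1" -F '[ \t]*:[ \t]*' '
        /^Minimum number of days/    { min = $2 }
        /^Maximum number of days/    { max = $2 }
        /^Number of days of warning/ { warn = $2 }
        /^Password inactive/         { inactive = $2 }
        END {
            if (max == "") { print user ": could not parse chage output"; exit }
            # 99999 is the usual default; a negative maximum disables expiry.
            if (max + 0 > 90 || max + 0 < 0)
                print user ": maximum age " max " is outside the 90-day limit"
            if (min + 0 < 5)
                print user ": minimum age " min " is below 5 days"
            if (warn + 0 < 14)
                print user ": warning period " warn " is below 14 days"
            if (inactive == "never")
                print user ": no inactivity lock (-I) set"
        }'
}

# Constructed sample: distribution defaults like those shown for user omer.
sample_default='Last password change : Oct 07, 2022
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7'

# Constructed sample: the same account after chage -m 5 -M 90 -I 30 -W 14.
sample_hardened='Last password change : Oct 07, 2022
Password expires : Jan 05, 2023
Password inactive : Feb 04, 2023
Account expires : never
Minimum number of days between password change : 5
Maximum number of days between password change : 90
Number of days of warning before password expires : 14'

printf '%s\n' "$sample_default"  | audit_chage omer   # prints four findings
printf '%s\n' "$sample_hardened" | audit_chage omer   # prints nothing
# On a live system (as root): LC_ALL=C chage -l omer | audit_chage omer
```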

Note: To keep using your computer more securely, start with yourself and try tightening the password policies for your own user. Although it may seem boring after a while, people feel safer on the system they use.

 
