Linux set default password expiry command

sysadmin
users
linux

#1

hello,

i need tome help with article https://www.cyberciti.biz/faq/howto-add-new-linux-user-account/.
If i am correct, the article Set default password expiry is about setting when a password expires, but why do i need to let the account also expire?

cant it be used to let the user change its password every, lets say, 90 days? if so, how?
also, is it possible to see which accounts do need to change their password ?

thanks for the help.


#2

You don’t have to let account expire. The -e date tells the date on which the user account will be disabled. To make it inactive set it to -f days. The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature, so:

useradd -e {yyyy-mm-dd} -f 0 {username}
useradd -e {yyyy-mm-dd} -f -1 {username}

You need to use the chage command if you need to change expiry for existing user accounts.

Run command to show account ageing/expiery info:

chage -l user
chage -l vivek

See man pages of both command to get more info. HTH