If you enabled a password policy on Linux, the password must be changed before it expires, otherwise you will be notified to change the password upon login until the password expires. This is usually a 7 days grace period.
Periodic changing of user’s password is considered a good practice for security reasons.
If you rarely use your account, it may be locked due to password expiration.
In many cases, this can happen in service accounts with a password-less login, because nobody will monitor it.
This will lead to stop the cronjobs/crontab configured on the Linux server. If so, how to mitigate this situation?
Writing a shell script can send a notification, and we wrote an article about it a while ago. Please go to the link below to learn more about it.
The above script will give you the number of days remaining for password expiry, but this article is aimed at giving you an actual date on your terminal, which can be achieved with the ‘chage’ command.
What is chage command?
chage stands for change age. It is used to modify user password expiry information. It enables you to view user account aging information, change the number of days that should elapse between password changes and to view the date of the last password change.
This information is used by the system to determine when a user should change his/her password.
It allows the admin to perform other functions such as setting the account expiration date, setting the password inactive after the expiration, and setting expiry warnings.
1) Checking password expiration date for a specific user
If you want to check the password expiration date for a specific user in Linux, use the following command:
# chage -l daygeek Last password change : Feb 13, 2020 Password expires : May 13, 2020 Password inactive : never Account expires : never Minimum number of days between password change : 7 Maximum number of days between password change : 90 Number of days of warning before password expires : 7
2) Checking password expiration date for all users
The ‘chage’ command can be used to see the password expiration date for a specific user, but it can’t be used to query this information for several users at once.
To achieve this you may need to write a small shell script. The following shell script allows you to list the password expiry date’s of all the users, including system users:
$ sudo vi /opt/scripts/user-password-expiration-date.sh #!/bin/sh for user in $(cat /etc/passwd |cut -d: -f1) do echo $user chage -l $user | grep "Password expires" done | paste -d " " - - | sed 's/Password expires//g'
Set the executable permission to the shell script file:
$ sudo chmod +x /opt/scripts/user-password-expiration-date.sh
Once the script is executed, you will get an output like the one below, but the username may vary (u1 to u5 are all the example users):
$ sudo sh /opt/scripts/user-password-expiration-date.sh root : never bin : never daemon : never adm : never lp : never sync : never shutdown : never u1 : Nov 12, 2018 u2 : Jun 17, 2019 u3 : Jun 17, 2019 u4 : Jun 17, 2019 u5 : Jun 17, 2019
3) Checking password expiration date for all users except system users
The below shell script will display the list of users (excluding system users) along with their password expiration date:
$ sudo vi /opt/scripts/user-password-expiration-date-1.sh #!/bin/sh for user in $(cat /etc/passwd |cut -d: -f1) do echo $user chage -l $user | grep "Password expires" done | paste -d " " - - | sed 's/Password expires//g' | grep -v "never"
Set the executable permission to the shell script file:
$ sudo chmod +x /opt/scripts/user-password-expiration-date-1.sh
You will get an output like the one below, but the username may differ (u1 to u5 are all the example users):
$ sudo sh /opt/scripts/user-password-expiration-date-1.sh u1 : Nov 12, 2018 u2 : Jun 17, 2019 u3 : Jun 17, 2019 u4 : Jun 17, 2019 u5 : Jun 17, 2019
Closing Notes
In this guide, you learnt how to find the expiry date for all Linux users using a shell script.
If you found this article helpful, please do share with your friends and spread the knowledge. Please feel free to comment below if you have any queries/concerns. We will get back to you as soon as we can. Happy learning!
