How to use the “chage” command In Linux
In Linux, the “chage” command is used to control user account password aging and expiration settings. Admins can set different password policy parameters and configure when a user’s password expires. The command “chage” means “change age.”
Step 1: Fire up the terminal.
Step 2: Type the following command to get details about the password aging and expiration information for a specific user account in Linux.
chage -l username
Step 3: Just replace “username” with the name of the user account. Here is an example of what the output might look like.
Output:
1. Steps to Lock User Accounts:
Step 1: Open up the terminal.
Step 2: To lock the user account set the account expiration date to “0“.
Step 3: Type the following command in the terminal to set the account expiration date to “0” which was set to “never” earlier.
chage -E0 username
When we set the account expiration date to “0” it expires on “Jan 01, 1970”. We can confirm it by running the change command with the “-l” option as explained above.
Output:
2. Steps to Unlock User Accounts:
Step 1: Open up the terminal.
Step 2: To unlock the user account set the account expiration date to “-1”.
Step 3: Type the following command in the terminal to set the account expiration date to “-1” .
chage -E -1 username
When we set the account expiration date to “-1”, it never expires. We can confirm it by running the chage command with the “-l” option as explained above.
Output:
How to unlock a locked user account in linux?
To regulate access and maintain security, Linux/Unix systems must have the ability to lock and unlock user accounts. It offers the adaptability required to handle a range of security and operational scenarios while making sure that only authorized users have access. Some of the reasons why locking and unlocking user accounts is essential for system security are mentioned below.
- Security: A user account can be locked to stop someone from using it without authorization. Access that is not authorized may result in security events like data loss or breaches.
- Account Management: Proper account management may include locking accounts. For instance, to ensure that someone who leaves the company, no longer has access to company resources, the account should be closed. When a new employee wants access, unlocking may be done.
- Temporary Suspension: User access can be temporarily suspended for maintenance or system updates by locking accounts. The accounts can be unlocked after the maintenance is finished.
- Multiple Failed Attempts: Multiple failed login attempts can be detected by a system, and the account can then be immediately locked to prevent brute-force attacks.
In this article we will discuss some of the common methods to lock and unlock user accounts in Linux/Unix-based OS: