本文译自 7 Examples to Manage Linux Password Expiration and Aging Using chage
本文主要介绍命令chage的使用,译文会对原文内容会有一定的简化。
debian系统可以通过如下命令安装chage: (chage is for change age)
apt-get install chage
CentOS7 应该是自带这个命令了。
列出用户密码相关信息
Syntax: chage –-list username (or) chage -l username $ chage --list dhinesh Last password change : Apr 01, 2009 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
注:普通用户对其它用户执行这条命令,但root用户可以
修改下密码
$ date Thu Apr 23 00:15:20 PDT 2009 $ passwd dhinesh Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully $ chage --list dhinesh Last password change : Apr 23, 2009 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
可以看出上次密码修改的时间已经发生了变化。
通过选项-M 设置账户密码的到期时间
Syntax: # chage -M number-of-days username # chage -M 10 dhinesh # chage --list dhinesh Last password change : Apr 23, 2009 Password expires : May 03, 2009 Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
密码到期时间变成了十天后。
密码过期消息提醒
如上,密码过期之前7天会提示密码过期,假如dhinesh 试图在Apr 30, 2009登录,那么将会出现如下提醒消息:
$ ssh dhinesh@testingserver dhinesh@testingserver's password: Warning: your password will expire in 3 days
密码过期时,强制用户修改密码
$ ssh dhinesh@testingserver dhinesh@testingserver's password: You are required to change your password immediately (password aged) WARNING: Your password has expired. You must change your password now and login again! Changing password for dhinesh (current) UNIX password: Enter new UNIX password: Retype new UNIX password:
设置账户过期时间
可以使用-E选项设置账户的过期时间,时间格式为“YYYY-MM-DD”。
# chage -E "2009-05-31" dhinesh # chage -l dhinesh Last password change : Apr 23, 2009 Password expires : May 03, 2009 Password inactive : never Account expires : May 31, 2009 Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
设置用户不活跃锁定
当用户密码过期后,可以设置用户多少天不活跃即锁定账户,如10天。
# chage -I 10 dhinesh # chage -l dhinesh Last password change : Apr 23, 2009 Password expires : May 03, 2009 Password inactive : May 13, 2009 Account expires : May 31, 2009 Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
设置用户账户不过期
取消用户账户过期设置。
-m 0 will set the minimum number of days between password change to 0 -M 99999 will set the maximum number of days between password change to 99999 -I -1 (number minus one) will set the “Password inactive” to never -E -1 (number minus one) will set “Account expires” to never.
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh # chage --list dhinesh Last password change : Apr 23, 2009 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
以上!