LinuxCommandLibrary

lchage

Modify file SELinux security context

TLDR

Disable password expiration for the user

$ sudo lchage --date -1 [username]
copy

Display the password policy for the user
$ sudo lchage --list [username]
copy

Require password change for the user a certain number of days after the last password change
$ sudo lchage --maxdays [number_of_days] [username]
copy

Start warning the user a certain number of days before the password expires
$ sudo lchage --warndays [number_of_days] [username]
copy

SYNOPSIS

lchage [OPTION...] LOGIN

PARAMETERS

-d, --lastday DAYS
    set last password change to DAYS days since 1970-01-01

-E, --expiredate EXPIRE_DATE
    set account expiration to EXPIRE_DATE (days since 1970-01-01)

-I, --inactive INACTIVE
    days after expiration before account inactive

-l, --list
    display account aging information

-m, --mindays MIN_DAYS
    minimum days between password changes

-M, --maxdays MAX_DAYS
    maximum days password remains valid

-W, --warndays WARN_DAYS
    days warning before password expires

-h, --help
    print usage summary

-V, --version
    print version information

DESCRIPTION

lchage modifies password aging attributes for a user account specified by a symbolic link LOGIN. It is part of the shadow-utils package and similar to chage, but follows symlinks to locate the shadow password entry, making it ideal for setups like NIS, LDAP, or local overrides via symlinks.

Key attributes include:
- Last password change date
- Minimum/maximum days between changes
- Warning days before expiration
- Account expiration and inactivity periods

These control password expiration policies, enhancing security by forcing periodic changes and locking inactive accounts. Run as root (via sudo). Listing current values helps auditing without changes.

Improves usability by minimizing frequent reprompts while enforcing policy. Output shows affected fields or lists all if -l used. Errors occur if symlink invalid or no permissions.

CAVEATS

Requires root privileges. LOGIN must be a valid symlink to shadow entry; fails otherwise. Does not change password itself.

EXAMPLES

lchage -l user
List aging info.

lchage -M 90 -m 7 -W 14 user
Set max 90 days, min 7 days, warn 14 days.

FILES

Operates on /etc/shadow via symlink resolution.

HISTORY

Introduced in shadow-utils package (1990s) to support symlink-based user management in networked environments like NIS/YP.

SEE ALSO

chage(1), chfn(1), chsh(1), passwd(1), shadow(5)

Copied to clipboard