Pawan Sharma | July 16, 2012 | Be the first to comment!

Chage command for password ageing policy

In this post we will learn how to manage users password aging using chage command. Chage command is very useful for user management and password policy. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

To change user's password aging use command "chage user_name"

1. To list user  account aging information.


# chage -l transfer_user
Last password change                                                                   : Jun 22, 2012
Password expires                                                                           : Aug 21, 2012
Password inactive                                                                          : never
Account expires                                                                              : never
Minimum number of days between password change           : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires             : 7


 2. To force user to change password after first login do


# chage -d0 transfer_user
# chage -l transfer_user
Last password change                                     : password must be changed
Password expires                                            : password must be changed
Password inactive                                           : password must be changed
Account expires                                              : never
Minimum number of days between password change   : 7
Maximum number of days between password change   : 60
Number of days of warning before password expires      : 7


3. To change Account Expiration date: Set the date or number of days since January 1, 1970 on which the user´s account will no longer be accessible.


# chage -E 2012-09-01 transfer_user
# chage -l transfer_user
Last password change                                 : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : never
Account expires                                         : Sep 01, 2012
Minimum number of days between password change      : 7
Maximum number of days between password change     : 60
Number of days of warning before password expires       : 7


4. To change password inactive field: Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity.


# chage -I 5 transfer_user
# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : Aug 26, 2012
Account expires                                         : Sep 01, 2012
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


There are other options we can use with chage commang:
  -m: Set the minimum number of days between password changes to MIN_DAYS.

  -M: Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account.

  -W: Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire.

If you have any doubts regarding user administration please comment.
Pawan Sharma | July 15, 2012 | Be the first to comment!

Usermod for modifying user attributes

In day to day system administration, many times we work with users and group and have to change user attributes like, to change user's home directory, inactive password, change group or add supplementary group, lock or unlock user's password etc.

In Redhat Enterprise Linux 6 changing user's attributes can be done with "usermod" command. Usermod command can be helpful for system administration as well as in RHCSA exam, as user administration is one of RHCSA/RHCE exam. In this post we will discuss about usermod command to modify different user attributes.

1. To add user to a supplementary group use usermod -a command


# usermod –a group3 user1


2. To change users GECOS/comment field  use usermod -c


# usermod –c “User for transfer files” transfer_user
# cat /etc/passwd |grep transfer_user
transfer_user:x:502:502:User for transfer files:/home/transfer_user:/bin/bash

 we can also use chfn command to change finger information.

3. To change user's home directory


# usermod –d /transhome transfer_user
# cat /etc/passwd |grep transfer_user
transfer_user:x:502:502:User for transfer files:/transhome:/bin/bash

 use -m option to copy all files from old home directory to new home directory.

4. To change user's primary group


# id transfer_user
uid=502(transfer_user) gid=502(transfer_user) groups=502(transfer_user)
# groupadd file_transfer
# usermod -g file_transfer transfer_user
# id transfer_user
uid=502(transfer_user) gid=503(file_transfer) groups=503(file_transfer)

 The group must exist.

5. To add a supplementary group.
 

# usermod -G transfer_user transfer_user
# id transfer_user
uid=502(transfer_user) gid=503(file_transfer) groups=503(file_transfer), 502(transfer_user)

6. Lock or unlock a user's password.


# passwd -l transfer_user
Locking password for user transfer_user.
passwd: Success
# passwd -u transfer_user
Unlocking password for user transfer_user.
passwd: Success


Usermod command is very useful for system administrators to manage users and groups.
You can find some of above mentioned commands very useful in RHCSA and RHCE exams.

If you are preparing for the Certification exams, try to read man pages for commands, make it your habit so you can learn more easy ways to do tasks in examination and try to concentrate on command based administration.