Linux Accounts Password Rules
Check Current Password Expiry Settings
Before making any changes, you may want to check the current password expiry
settings for the user. You can do this by running the chage -l <username>
command, replacing <username> with the name of the user whose password expiry
settings you want to view.
sudo chage -l <username>
Change Password Expiry Settings
To change the password expiry period of Linux accounts, run the chage command as follows:
[sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M <days_to_expiry> -I <days_to_inactive> <username>
-M <days_to_expiry>: Sets the maximum number of days a password is valid (90 days by default).
-I <days_to_inactive>: Sets the number of days of inactivity after a password expires before the account is disabled (45 days by default).
For example, to set a maximum password age of 60 days for the user sysadmin and
configure the account to be permanently disabled 45 days after the password
expires, run the following command:
[sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M 60 -I 45 sysadmin
Verify Changes
After making the changes, verify that the new password expiry settings have been applied by running the chage -l <username> command again.
chage -l <username>
For the example above, with user sysadmin and an expiry period of 60 days, the
output of chage -l <username> should be as follows:
[sysadmin@controller-0 ~(keystone_admin)]$ chage -l sysadmin
Last password change : Apr 09, 2025
Password expires : Jun 08, 2025
Password inactive : Jul 23, 2025
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7
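To check every account at once rather than one chage -l call per user, the sketch below audits shadow(5)-format data, where field 5 holds the maximum age set by chage -M and field 7 the inactivity period set by chage -I. It is an added example, not part of the original page; the function names audit_aging and write_sample and the sample entries are assumptions made for illustration, and the policy defaults are the 90 and 45 days stated above.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format data against a password aging policy.
# Field 5 = maximum password age (chage -M), field 7 = inactivity period
# after expiry (chage -I). An empty field means the limit is not enforced.

# audit_aging FILE [MAX_DAYS] [INACTIVE_DAYS]   (hypothetical helper)
# Prints one line per login-capable account that violates the policy.
audit_aging() {
    awk -F: -v max="${2:-90}" -v inact="${3:-45}" '
        # Skip locked or no-login service accounts ("!" or "*" prefix).
        $2 ~ /^[!*]/ { next }
        {
            why = ""
            if ($5 == "" || $5 + 0 > max)
                why = why " max_age=" ($5 == "" ? "unset" : $5)
            if ($7 == "" || $7 + 0 > inact)
                why = why " inactive=" ($7 == "" ? "unset" : $7)
            if (why != "") print $1 ":" why
        }
    ' "$1"
}

# Constructed sample entries (placeholder hashes, not real accounts).
# The sysadmin line mirrors the result of: chage -M 60 -I 45 sysadmin
write_sample() {
    cat > "$1" <<'EOF'
sysadmin:$6$CONSTRUCTED$hash:20187:1:60:7:45::
operator:$6$CONSTRUCTED$hash:20100:0:99999:7:::
auditor:$6$CONSTRUCTED$hash:20150:1:90:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Demo on the constructed sample: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample "$tmp" && audit_aging "$tmp"
    rm -f "$tmp"
fi
```

On a live system, pass /etc/shadow as the file argument; reading it requires root privileges.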