本文譯自 7 Examples to Manage Linux Password Expiration and Aging Using chage
本文主要介紹命令chage的使用,譯文會對原文內容會有一定的簡化。
debian系統可以通過如下命令安裝chage: (chage is for change age)
apt-get install chage
CentOS7 應該是自帶這個命令了。
列出用戶密碼相關信息
Syntax: chage –-list username (or) chage -l username $ chage --list dhinesh Last password change : Apr 01, 2009 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
注:普通用戶對其它用戶執行這條命令,但root用戶可以
修改下密碼
$ date Thu Apr 23 00:15:20 PDT 2009 $ passwd dhinesh Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully $ chage --list dhinesh Last password change : Apr 23, 2009 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
可以看出上次密碼修改的時間已經發生了變化。
通過選項-M 設置賬戶密碼的到期時間
Syntax: # chage -M number-of-days username # chage -M 10 dhinesh # chage --list dhinesh Last password change : Apr 23, 2009 Password expires : May 03, 2009 Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
密碼到期時間變成了十天后。
密碼過期消息提醒
如上,密碼過期之前7天會提示密碼過期,假如dhinesh 試圖在Apr 30, 2009登錄,那么將會出現如下提醒消息:
$ ssh dhinesh@testingserver dhinesh@testingserver's password: Warning: your password will expire in 3 days
密碼過期時,強制用戶修改密碼
$ ssh dhinesh@testingserver dhinesh@testingserver's password: You are required to change your password immediately (password aged) WARNING: Your password has expired. You must change your password now and login again! Changing password for dhinesh (current) UNIX password: Enter new UNIX password: Retype new UNIX password:
設置賬戶過期時間
可以使用-E選項設置賬戶的過期時間,時間格式為“YYYY-MM-DD”。
# chage -E "2009-05-31" dhinesh # chage -l dhinesh Last password change : Apr 23, 2009 Password expires : May 03, 2009 Password inactive : never Account expires : May 31, 2009 Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
設置用戶不活躍鎖定
當用戶密碼過期后,可以設置用戶多少天不活躍即鎖定賬戶,如10天。
# chage -I 10 dhinesh # chage -l dhinesh Last password change : Apr 23, 2009 Password expires : May 03, 2009 Password inactive : May 13, 2009 Account expires : May 31, 2009 Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
設置用戶賬戶不過期
取消用戶賬戶過期設置。
-m 0 will set the minimum number of days between password change to 0 -M 99999 will set the maximum number of days between password change to 99999 -I -1 (number minus one) will set the “Password inactive” to never -E -1 (number minus one) will set “Account expires” to never.
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh # chage --list dhinesh Last password change : Apr 23, 2009 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
以上!