/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.
Adblock detected 😱
The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file
However I recommend using chage command . The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
To list current aging type chage command as follows:
# chage -l vivek
Output:
Last password change : May 22, 2007 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
To disable password aging / expiration for user foo, type command as follows and set:
Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1
Interactive mode command:
# chage username
OR
# chage -I -1 -m 0 -M 99999 -E -1 username
Updated for accuracy.
ADVERTISEMENTS
25 comment
thanks a lot!! this really helped me!
Great advice, thanks !!
The simplest way to change the command-line version so that it actually works is as follows:
# chage -I -1 -m 0 -M 99999 -E -1 username
Most shells (certainly
bash) require escaping ‘-‘ characters.wow this is the most retarded thing i have read today.
“-” does not need to be escaped in any shell as it has no special meaning, it is just a convention used in most unix programs to identify option parameters (it is a slash under most windows utils, e.g. “ipconfig /a”). characters you may need to escape are ” or ‘ or $ or ` and so on (see http://www.gnu.org/software/bash/manual/bashref.html#Quoting ).
you ‘may’ need to tell a program to not read a for example a file name “rm -my_file_name.txt” as an option via “rm — -my_file_name.txt” but thats about it.
the original code snippet /actually/ works without any escaping.
thousand thanks
Any solution to set ACCOUNT EXPIRE after x days without login to the system instead of set a fix date?
Is there a way to do this to all user accounts at once? I’ve tried using “*”, but had no luck with that. Thanks.
James,
Try something as follows to list permission for all user (backup your /etc/passwd and /etc/shadow before you run following commands) :
awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}Replace chage -l with ‘chage -I -1 -m 0 -M 99999 -E -1’
awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}Just to eliminate the unnecessary “cut”, make it:
awk -F':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}Thanks alot.
Hi ,
thanx …
awk -F’:’ ‘{ if ( $3 >= 1000 ) print $1 }’ /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}
is helped me
I get this error while executing the command,
[root@lnxtestsrv1 ~]# awk -F ':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {} xargs: invalid option -- I Usage: xargs [-0prtx] [-E eof-str] [-e[eof-str]] [-I replace-str] [-i[replace-str]] [-L max-lines] [-l[max-lines]] [-n max-args] [-s max-chars] [-P max-procs] [--null] [--eof[=eof-str]]