useradd
You can control how long a user's account is valid through the use of the --expiredate option to useradd.
excerpt from useradd man page
-e, --expiredate EXPIRE_DATE
    The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD. If not specified, useradd will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string [no expiry] by default.
So when setting up the user's account you can specify a date 30 days in the future from now, and add that to your useradd command when setting up their accounts.
$ useradd -e 2013-07-30 someuser
chage
You can also change an existing account's expiration date using the chage command. To change an account's expiration date you'd do the following:
$ chage -E 2013-08-30 someuser
calculating the date +30 days from now
Doing this is actually pretty trivial using the date command. For example:
$ date -d "30 days"
Sun Jul 28 01:03:05 EDT 2013
You can format using the +FORMAT options to the date command, which ends up giving you the following:
Putting it all together
So knowing the above pieces, here's one way to put it together. First, when creating an account you'd run this command:
$ useradd -e `date -d "30 days" +"%Y-%m-%d"` someuser
Then when you want to adjust their expiration dates you'd periodically run this command:
$ chage -E `date -d "30 days" +"%Y-%m-%d"` someuser
Specifying time periods of less than 24h
If you want a user to only be active for some minutes, you cannot use the options above since they require specifying a date. In that case, you could either set up a crontab to remove/lock the created user after the specified time [for example, 10 minutes], or you could do one of:
$ adduser someuser && sleep 600 && usermod --lock someuser
or
$ adduser someuser
$ echo usermod --lock someuser | at now + 10 minutes
References
- useradd man page
- chage man page
The chage command is used to manage password expiry dates in Linux. The chage command can be used to view, enable, disable or set dates for the user and group passwords. Password security is an important part of cyber security, and the usage time of passwords should be limited and passwords changed periodically. The chage command can be used to implement this password change policy in Linux for users and groups.
chage Command Syntax
The chage command has the following simple syntax.
chage OPTION USER
- OPTION is used to set or list different password-related parameters.
- USER is the username for which we want to list or set password parameters.
As an administrative command, chage generally requires root privileges, so in most cases it must be run with sudo. Alternatively, the chage command can be executed in a root shell.
sudo chage
Display chage Command Help
The options and help information about the chage command can be listed with the -h or --help option.
chage -h
Usage: chage [options] LOGIN
Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -i, --iso8601                 use YYYY-MM-DD when printing dates
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
List User Password Change Dates and Policy
The password policy records the date of the last password change, the password expiry date, the account expiry date, etc. The password change dates and policy of a user account can be displayed with the -l option and the user account name. In the following example, we list the password change dates and policy information for the user ismail.
chage -l ismail
Set Date For User Password Change
From the security point of view, users should change their passwords regularly in order to prevent stolen password vulnerabilities. The chage command can be used to set the password change date for a user with the -M option by specifying days from the current time. In the following example, we set 50 days later from now as the user password change date.
Set User Password Expire Date
The user password change date can be specified with the -d option. Just provide the date in YYYY-MM-DD format. In the following example, the password of the user ismail expires on 2021-03-01.
sudo chage -d 2021-03-01 ismail
Set User Account Expire Date
Also, the user account expiry date can be specified. The account expiry date is different from the password expiry date. The -E option is used to specify the account expiry date in YYYY-MM-DD format. In the following example, we set the account expiry date of the user ismail to 2021-03-01.
sudo chage -E 2021-03-01 ismail
Set User Account Lock/Inactive Warning Time
We can warn the user before the password change date. This can be very helpful to inform the user that he/she should change the password before the specified date. The -W or --warndays option can be used to specify the number of days before the password expires. In the following example, we will set the warning days to 5.
sudo chage -W 5 ismail
Alternatively, the long form option --warndays can be used like below.
sudo chage --warndays 5 ismail
chage Interactive Mode To Set All Options
If no option is specified, the chage command starts in interactive mode. In interactive mode, all related values are asked for and set step by step. If you do not want to change the current value, just leave the field empty and press Enter.
sudo chage ismail
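To check that the account expiry set with useradd -e or chage -E and the password maximum age set with chage -M actually took effect, the following added example (not part of the original page) audits shadow(5)-format lines, where the expiry is field 8 in days since 1970-01-01 and the maximum age is field 5. The function name audit_shadow and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit account expiry (field 8) and password max age (field 5)
# in shadow(5)-format data. Field 8 is a day count since 1970-01-01.

# audit_shadow FILE [TODAY] -> prints "user account-status password-status"
# TODAY is days since the epoch; defaults to the current date.
audit_shadow() {
    file=$1
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        NF < 8 || /^#/ { next }        # skip blank, comment and short lines
        {
            if ($8 == "")          acct = "never-expires"
            else if ($8 + 0 == 0)  acct = "ambiguous-zero"  # shadow(5) says avoid 0
            else if (today >= $8)  acct = "expired"
            else                   acct = "expires-in-" ($8 - today) "d"

            if ($5 == "" || $5 >= 99999) pw = "no-max-age"
            else                         pw = "max-age-" $5 "d"

            print $1, acct, pw
        }' "$file"
}

# Constructed sample input (not from a real system); hashes are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
tempuser:$6$PLACEHOLDER:15883:0:99999:7::15916:
olduser:$6$PLACEHOLDER:15000:0:50:5::15800:
permuser:$6$PLACEHOLDER:15883:0:99999:7:::
EOF

# Day 15886 is 2013-06-30 (constructed "today"); day 15916 is 2013-07-30.
audit_shadow "$sample" 15886
rm -f "$sample"
```

On a live system, run it as root against /etc/shadow; accounts reported as never-expires are the ones a temporary-account policy would need to revisit.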