How to Make Users Change Their Password on Their Next Login in Linux

Tutorial Dec 16, 2020

Be it on a website, server or your personal computer, for security reasons, it's best practice to change your password from time to time.

In this article, we will be looking into how we can force users to change their login password the next time they try to log in to Linux. We could use either the chage or passwd command to achieve this.

1. USING chage

chage is a command used for changing user password expiry information. By using the -l switch along with it, we can check the user's password creation and expiry details as shown below.

sudo chage -l reiri
Last password change                                : Dec 1, 2020
Password expires                                    : never
Password inactive                                   : never
Account expires                                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7

To force a user to update their password, we need to make their existing password expire. To do this with chage, we will be using the command with its -d or --lastday switch, which sets the date of the last password change. It accepts whole numbers beginning from 0, counted in days (0 being Jan 1, 1970).

sudo chage --lastday 0 reiri

The above command will update the user's last password change date to January 1, 1970, essentially forcing the user to change it the next time they try to log in. A last-change value of 0 is treated specially: it marks the password as one that must be changed at the next login.

Now if we check the target user's password expiry information with chage -l, we will see that their password needs to be changed.

sudo chage -l reiri
Last password change                                : password must be changed
Password expires                                    : password must be changed
Password inactive                                   : password must be changed
Account expires                                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7

2. USING passwd

To force a user to change their password with the passwd command, we will use the -e or --expire switch. This will cause the target user's password to expire, forcing them to update it with a new password.

sudo passwd --expire reiri
passwd: password expiry information changed.

Compared to chage, passwd's way of doing this feels more elegant. And like before, we can confirm that the user's password expired with the chage -l command.

sudo chage -l reiri
Last password change                                : password must be changed
Password expires                                    : password must be changed
Password inactive                                   : password must be changed
Account expires                                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7

And that is all. The next time the user tries to log in, they will be asked to update their password.
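
Both chage --lastday 0 and passwd --expire end up writing 0 into the third field (last password change) of the user's /etc/shadow entry. The script below is an added example, not part of the original article: it reads shadow-format data and reports each account's aging state, so an administrator can confirm which users still have a forced change pending. The function names, the sample entries and the fixed day number 18612 (Dec 16, 2020) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts by password-aging state from shadow(5) data.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is in days since 1970-01-01; 0 means "must change at next login".

# password_state FILE [TODAY_IN_DAYS]   (FILE may be "-" for stdin)
# Prints "user state" for every account that has a usable password hash.
password_state() {
    file=$1
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        $2 ~ /^[!*]/ || $2 == "" { next }                 # locked / no password
        $3 == "0" { print $1, "must_change"; next }       # chage -d 0, passwd -e
        $3 == ""  { print $1, "aging_disabled"; next }    # empty lastchg field
        $5 != "" && $3 + $5 < today { print $1, "expired"; next }
        { print $1, "ok" }
    ' "$file"
}

# pending_changes FILE [TODAY_IN_DAYS]
# Prints only the users who will be forced to change password at next login.
pending_changes() {
    password_state "$1" "$2" | awk '$2 == "must_change" { print $1 }'
}

# Constructed sample entries (placeholder hashes, not real credentials).
sample_shadow() {
    cat <<'EOF'
reiri:$6$CONSTRUCTED$hash:0:0:99999:7:::
alice:$6$CONSTRUCTED$hash:18597:0:99999:7:::
bob:$6$CONSTRUCTED$hash:18000:0:90:7:::
daemon:*:18597:0:99999:7:::
carol:$6$CONSTRUCTED$hash::0:99999:7:::
EOF
}

# Demo on the sample data, evaluated as of day 18612 (Dec 16, 2020).
sample_shadow | password_state - 18612
```

On a real system, call password_state /etc/shadow as root; once a user has logged in and set a new password, their entry moves from must_change to ok.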

Lime