How to check user password expiration date in Linux

If you enabled a password policy on Linux, the password must be changed before it expires, otherwise you will be notified to change the password upon login until the password expires. This is usually a 7 days grace period.

Periodic changing of user’s password is considered a good practice for security reasons.

If you rarely use your account, it may be locked due to password expiration.

In many cases, this can happen in service accounts with a password-less login, because nobody will monitor it.

This will lead to stop the cronjobs/crontab configured on the Linux server. If so, how to mitigate this situation?

Writing a shell script can send a notification, and we wrote an article about it a while ago. Please go to the link below to learn more about it.

The above script will give you the number of days remaining for password expiry, but this article is aimed at giving you an actual date on your terminal, which can be achieved with the ‘chage’ command.

What is chage command?

chage stands for change age. It is used to modify user password expiry information. It enables you to view user account aging information, change the number of days that should elapse between password changes and to view the date of the last password change.

This information is used by the system to determine when a user should change his/her password.

It allows the admin to perform other functions such as setting the account expiration date, setting the password inactive after the expiration, and setting expiry warnings.

1) Checking password expiration date for a specific user

If you want to check the password expiration date for a specific user in Linux, use the following command:

# chage -l daygeek

Last password change                                    : Feb 13, 2020
Password expires                                        : May 13, 2020
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7

2) Checking password expiration date for all users

The ‘chage’ command can be used to see the password expiration date for a specific user, but it can’t be used to query this information for several users at once.

To achieve this you may need to write a small shell script. The following shell script allows you to list the password expiry date’s of all the users, including system users:

$ sudo vi /opt/scripts/user-password-expiration-date.sh

#!/bin/sh
for user in $(cat /etc/passwd |cut -d: -f1)
do echo $user
chage -l $user | grep "Password expires"
done | paste -d " "  - - | sed 's/Password expires//g'

Set the executable permission to the shell script file:

$ sudo chmod +x /opt/scripts/user-password-expiration-date.sh

Once the script is executed, you will get an output like the one below, but the username may vary (u1 to u5 are all the example users):

$ sudo sh /opt/scripts/user-password-expiration-date.sh

root                : never
bin                 : never
daemon              : never
adm                 : never
lp                  : never
sync                : never
shutdown            : never
u1               : Nov 12, 2018
u2               : Jun 17, 2019
u3               : Jun 17, 2019
u4               : Jun 17, 2019
u5               : Jun 17, 2019

3) Checking password expiration date for all users except system users

The below shell script will display the list of users (excluding system users) along with their password expiration date:

$ sudo vi /opt/scripts/user-password-expiration-date-1.sh

#!/bin/sh
for user in $(cat /etc/passwd |cut -d: -f1)
do echo $user
chage -l $user | grep "Password expires"
done | paste -d " "  - - | sed 's/Password expires//g' | grep -v "never"

Set the executable permission to the shell script file:

$ sudo chmod +x /opt/scripts/user-password-expiration-date-1.sh

You will get an output like the one below, but the username may differ (u1 to u5 are all the example users):

$ sudo sh /opt/scripts/user-password-expiration-date-1.sh

u1               : Nov 12, 2018
u2               : Jun 17, 2019
u3               : Jun 17, 2019
u4               : Jun 17, 2019
u5               : Jun 17, 2019

Closing Notes

In this guide, you learnt how to find the expiry date for all Linux users using a shell script.

If you found this article helpful, please do share with your friends and spread the knowledge. Please feel free to comment below if you have any queries/concerns. We will get back to you as soon as we can. Happy learning!

About Magesh Maruthamuthu

Love to play with all Linux distribution

View all posts by Magesh Maruthamuthu

Leave a Reply

Your email address will not be published. Required fields are marked *