48fb52f0e7
Story: 2011283 Task: 52144 4/30: Applied edits to "linux-accounts-password" and "starlingx-system-accounts-system-account-password-rules" files. 5/2: Fixed bullet format issue in "linux-acconts-password" 5/5: Fixed additional bullet format in same file. Change-Id: I1be4d5787f88d14629b331a2e47d5ab5025a4ad2 Signed-off by: Matthew Montopoli <matthew.montopoli@windriver.com>
66 lines
2.2 KiB
ReStructuredText
66 lines
2.2 KiB
ReStructuredText
.. _linux-accounts-password-3dcad436dce4:
|
|
|
|
=============================
|
|
Linux Accounts Password Rules
|
|
=============================
|
|
|
|
.. rubric:: Check Current Password Expiry Settings
|
|
|
|
Before making any changes, you may want to check the current password expiry
|
|
settings for the user. You can do this by running the :command:`chage -l
|
|
<username>` command, replacing ``<username>`` with the name of the user whose
|
|
password expiry settings you want to view.
|
|
|
|
.. code-block:: none
|
|
|
|
sudo chage -l <username>
|
|
|
|
.. rubric:: Change Password Expiry Settings
|
|
|
|
To change the password expiry period of Linux accounts, run the
|
|
:command:`chage` command, as below:
|
|
|
|
.. code-block:: none
|
|
|
|
[sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M <days_to_expiry> -I <days_to_inactive> <username>
|
|
|
|
- -M <days_to_expiry>: Sets the maximum number of days a password is valid
|
|
(90 days by default).
|
|
|
|
- -I <days_to_inactive>: Sets the number of days of inactivity after a password
|
|
expires before the account is disabled (45 days by default).
|
|
|
|
For example, to set a maximum password age of 60 days and configure the account
|
|
to be permanently disabled 45 days after the password expires for the user
|
|
``sysadmin``, run the following command:
|
|
|
|
.. code-block:: none
|
|
|
|
[sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M 60 -I 45 sysadmin
|
|
|
|
|
|
Verify Changes
|
|
--------------
|
|
|
|
After making the changes, verify that the new password expiry settings have
|
|
been applied by running the :command:`chage -l <username>` command again.
|
|
|
|
.. code-block:: none
|
|
|
|
chage -l <username>
|
|
|
|
For the example above of user ``sysadmin`` and expiry period of 60 days, the
|
|
output of ``chage -l <username>`` should be as follows:
|
|
|
|
.. code-block:: none
|
|
|
|
[sysadmin@controller-0 ~(keystone_admin)]$ chage -l sysadmin
|
|
Last password change : Apr 09, 2025
|
|
Password expires : Jun 08, 2025
|
|
Password inactive : Jul 23, 2025
|
|
Account expires : never
|
|
Minimum number of days between password change : 1
|
|
Maximum number of days between password change : 60
|
|
Number of days of warning before password expires : 7
|
|
|
|
|