Linux - User Account Management, Part II

In my post titled, "Linux - User Account Management, Part I," I talked about how to check a user's account for expiration.  I set a user account to expire on 5/15/2015.  It is now 5/16/2015.  The user account has expired.  When I attempt to log into this account, it shows as expired:

ron@slackbox:~$ su nor
Password:
Your login has expired.  Contact the system administrator.

 To re-enable the account, I will use either of the following commands:

usermod -e yyyy-mm-dd username
chage -E yyyy-mm-dd username 

When running the chage command, there's no message or prompt after execution. I'm able to log back in without issue.

Next, we'll learn how to set the number of days until a password change is required.  We'll set the password to expire for 30 days:

ron@slackbox:~$ron@slackbox:~$ sudo chage -M 30 nor
ron@slackbox:~$
ron@slackbox:~$ sudo chage -l nor
Last password change                                 : May 10, 2015
Password expires                                     : Jun 09, 2015
Password inactive                                    : never
Account expires                                      : Dec 31, 2015
Minimum number of days between password change       : 0
Maximum number of days between password change       : 30
Number of days of warning before password expires    :  7  
ron@slackbox:~$

We'll check this account again after 30 days and use the 'password -u nor' command to re-enable the expired password at that time.

Linux - User Account Management, Part I

I've never administered user accounts in Linux.  I know Linux but I'd be lying if I said I knew every facet of it.  I've created accounts and actually gave a fellow Linux user access to my machine once (checking the logs from time to time just to ensure he wasn't doing things he wasn't supposed to do), but I'd never made an account that had an expiration date (nor a password that had an expiration date).  So, yesterday, I created a test account that had an account expiration of May 15, 2015.  I want to be able to unexpire the account once it has expired.

I referenced some commands that would allow me to monitor a user account's status.  'chage' is one of those commands:

ron@slackbox:~$ sudo chage -l nor

Password:

Last password change                                    : May 10, 2015

Password expires                                        : never

Password inactive                                       : never

Account expires                                         : May 15, 2015

Minimum number of days between password change          : 0

Maximum number of days between password change          : 99999

Number of days of warning before password expires       : 7

I'd use the 'usermod' or 'chage' commands to change the expiration date (using sudo):

usermod -e yyyy-mm-dd username
chage -E yyyy-mm-dd username 

I'll use the above commands in a few days just to test.

To check if the password has expired, use the following:

grep ‘username’ /etc/shadow

The following command would re-enable an expired password:

password -u username

I encourage you to read the chage and passwd manual pages for further insight on how to use these two commands.

I know these are simple commands and the process itself is simple, but again, I've never done this before and wanted to share what I've learned...someone out there will learn from my experience.