In Ubuntu, as with any Linux distribution, managing user accounts is a fundamental part of system administration. Ensuring security through accountability often requires administrators to set policies on user accounts, including setting an expiry date for them. In this tutorial, you’ll learn how to set an expiry date for a user account using various methods on the Ubuntu platform.

Understanding Account Expiration

Account expiration is a security measure which defines the period for which a user account is valid. After the expiry date, the user won’t be able to log in, and thus, it prevents unauthorized access from outdated user accounts.

Prerequisite

A system with Ubuntu installed and privileges to execute administrative commands. Ensure all commands are entered in the terminal.

Using the `chage` Command

The ‘chage’ command is used to change user password expiry information. But it can also set the account expiry date.

# Set the expiry date for user 'john'
sudo chage --expiredate 2023-12-31 john

To verify the changes, use the command:

sudo chage -l john

The output will include the expiry date:

Last password change				: Jan01, 2023
Password expires					: never
Password inactive					: never
Account expires					: Dec31, 2023
Minimum number of days between password change	: 0
Maximum number of days between password change	: 99999
Number of days of warning before password expires: 7

Advanced: Using `usermod` Command

The usermod command is another powerful tool that can be used to modify a user account, including setting the expiry date.

# Set the expiry date for user 'mary'
sudo usermod --expiredate 2024-01-01 mary

Confirm the changes with chage -l as shown earlier.

Automating Account Expiry

For several users or a dynamic setup, you can automate the process using a script that reads from a file containing usernames and their respective expiry dates.

Here is a sample script:

#!/bin/bash
# users.txt format: username:YYYY-MM-DD
while read line; do
  user=$(echo "\$line" | cut -d : -f 1)
  exp_date=$(echo "\$line" | cut -d : -f 2)
  sudo chage --expiredate \$exp_date \$user
done < users.txt

Execute the script to apply the changes:

sudo bash update_expiry.sh

Make sure to create a ‘users.txt’ file with the username and expiry dates separated by a colon.

Locking User Account Post Expiry

Post expiration, it’s a good practice to lock the user account. This can be done using the following:

sudo usermod --lock john

Replace ‘john’ with the username of the expired account.

Graphically Setting Account Expiry Date

If you prefer a GUI approach, Ubuntu offers a way to manage user accounts through the ‘Users and Groups’ management tool.

Navigate to ‘System Settings’ > ‘User Accounts’, click on the user to manage, and under ‘Account Type’, you can set the expiry date.

Cleaning Up Post Expiration

Once an account expires, consider archiving or removing the user’s home directory and mail spool to reclaim space and maintain order on the server:

# Move home directory to an archive location before deletion
sudo mv /home/john /archive/john_backup

# Delete the user's mail spool
sudo deluser --remove-home john

Be cautious with these operations as they affect user data.

Conclusion

Setting up an expiry date for user accounts in Ubuntu enhances the security posture of the system. This tutorial provided various ways to increase system security by efficiently managing user account lifecycles through the command line as well as the GUI. Employ the method that best fits your workflow and security policy.

Next Article: Ubuntu: How to create a public/private key pair

Previous Article: cURL: How to Add Headers and Params When Making HTTP Requests

Series: Linux Tutorials

DevOps