During a new-hire onboarding project you are writing a Bash script that loops through a CSV and provisions local accounts on several RHEL servers. Inside the loop the script currently runs:
Functional tests show the accounts are created, but security policy requires every new user to be forced to choose a unique password at first logon. What single additional command or option should you insert in the same loop to meet the requirement without any manual follow-up?
The chage command controls password-aging attributes that the useradd and chpasswd lines do not touch. Adding chage -d 0 "$u" sets the last password change date to the Unix epoch (0 days since 1970-01-01). Because the stored date is now in the past, the password is considered expired and the user must set a new one the next time they authenticate.
usermod -L "$u" would lock the password by prepending an exclamation mark, preventing any logon at all rather than forcing a reset.
useradd -N "$u" only tells useradd not to create a per-user group and has no effect on password aging.
passwd -n 0 "$u" changes the minimum number of days between password changes to zero; it does not expire the current password, so the user is still able to log in without changing it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `chage -d 0` command do?
Open an interactive chat with Bash
Why is using `usermod -L` not appropriate in this context?
Open an interactive chat with Bash
What is the difference between expiring a password with `chage` and setting a minimum age with `passwd -n`?