In a Linux environment, the system administrator is often required to tailor the user account according to infrastructure changes, security, or administrative purposes. In this tutorial, we learn about usermod command in Linux with examples.
The usermod command is used in Linux to modify user accounts after it is created. It supports many options to alter the attributes of accounts. While adduser or useradd commands are used to create new user accounts, usermod is solely used to make changes.
The basic syntax of usermod:
usermod [OPTIONS] USERNAME
Where OPTIONS determine what properties of the user account have to be modified.
Options and description
Here we have listed some of the useful options of usermod.
- -m, --move-home : Move users home directory.
- -d, --home HOME_DIR : Specify new home directory location. Commonly used with -m option to move a user's home direction to a new location.
- -g, --gid GROUP : Change the users primary group
- -G, --groups GROUP1,GROUP2,... : Specify the supplementary group a user member of.
- -a. -append : Add user to the group specified by -G.
- -l, --login NEW_LOGIN : Rename user account.
- -L, --lock : Lock user account.
- -U : Unlock user account.
- -e, --expiredate EXPIRE_DATE : Set user account expiration date.
- -c, --comment COMMENT : Set a new value for the comment field.
- -s, --shell SHELL : Change the current shell.
- -p, --password PASSWORD : Set an encrypted password for the user account.
Common Use-Cases and Examples
Let's discuss some of the common use cases of usermod command with examples.
Change a user’s home directory
Based on different situations ( such as running out of space, migrating new disk, new directory structure) system administrator has to change the user's home directory.
The usermod command allows changing the user's home directory with a combination of -d and -m options. Where -d specify the new home directory and -m move the content from the current directory to the new directory.
Let's look into an example:
sudo usermod -d /mnt/home/bob -m bob
This command changes the current home directory of the user named bob to the /mnt/home directory. It moves all the contents and also changes the record in /etc/passwd file.
This move operation makes sure the destination directory gets the same permissions and ownership of the source.
Modifying a user’s primary group
Files created by the user are generally owned by their primary group. You can modify a user's primary group using -g option with usermod.
usermod -g new_primary_group username
sudo usermod -g thomas tom
Here we have changed the primary group of user "tom" to "thomas". After changing you can verify a user primary group using the id -gn tom command.
Adding a user to supplementary group
The supplementary (secondary) group gives additional permissions without changing the primary group of a user. For adding a user to one more groups use -aG option with usermod command. Where -G specifies the list of supplementary groups the user will belong to and -a tells usermod to append user to the given group.
usermod -aG group1,group2 username
sudo usermod -aG sudo,devteam bob
This command add the user bob to the sudo and docker groups. After changing you can verify using groups bob command. In the output following colon shows the groups the user belongs to - the first name is the primary group and the following are the supplementary group names.
Rename a user account
To rename a user account use -l option with usermod. This makes sure the username and all appropriate permissions and groups are changed as well.
usermod -l new_username old_username
sudo usermod -l bobnew bob
This command rename the user account bob to bobnew. Ensure the user is not logged in when you rename it.
Locking and unlocking user accounts
Locking user accounts prevents users from logging into the system. This is usually done by system administrators when user employee departures, security concerns, etc. The usermod -L and -U option can be used to lock and unlock user accounts respectively.
sudo usermod -L bob
This command locks (prevent password-based logins) the user account named bob. The locked account would have '!' prefix to the encrypted password in its record in /etc/shadow file.
Remember: The locked password still can be accessed if you have other authentication mechanisms such as SSH keys. To make a stronger measure you can use usermod -L -e 1 username, this will immediately lock and set the account expired for the user account.
To unlock the account, use the following command
sudo usermod -U bob
This unlocks the user account named bob.
Changing a user’s shell
The user's shell is the command line interface a user interacts with when logging in. There are many shells available such as bash, sh, csh, zsh, etc. You can use -s option with usermod command to modify a user's login shell.
sudo usermod -s /bin/dash tom
This command changes the current login shell of user bob from /bin/sh to /bin/bash. You can verify by checking the user record in /etc/passwd file.
Setting an account expiration date
The account expiration is the date after the account become inactive but all the records and files will remain. Use -e option following the expiration date in YYYY-MM-DD format will set the specified user account to expire.
sudo usermod -e 2023-08-15 bob
This usermod command set the user account of bob to expire on 15th August 2023. You can verify it using the chage -l bob command.