Usermod Command in Linux – Options + Examples

Last updated: April 1, 2022

User accounts have attributes such as group, user information, home directory, login shell, UID, expiry date. For an existing user in Linux, if you wish to change those attributes, you need usermod command.

In this tutorial, we learn how to use usermod command in Linux.

Prerequisites

  • Any Linux system
  • A user with sudo access or root account
  • Basic knowledge of Linux command line
  • An existing user account

What is the usermod command?

The Linux usermod command is a command-line tool that is used to modify the properties of a user in a Linux system. It can modify user account attributes such as group, user information, home directory, login shell, UID, expiry date.

In Linux systems, information about user accounts is typically recorded in the /etc/passwd, /etc/group, /etc/login.defs, /etc/gshadow and /etc/shadow configuration files. Once you execute the usermod command, the command modifies the user account information in the specified files.

Basic Syntax

usermod command takes the following syntax:

usermod [ options ] USER

The usermod command is a privileged command, only the root user or sudo users can successfully run execute the command.

Usermod options

Here are some of the commonly used usermod command options:

OptionsDescription
-aAdds a user to a secondary group. Typically used with the -G option.
-dModifies the user’s new home directory
-eSets expiry date and specifies the date which the user account will be disabled. The expiry date is set in the YYYY-MM-DD format.
-gSets the GID group ID of the user
-GSpecifies the new GROUP that the user will be added.
-lChanges the login name of the user
-LLocks the user’s password
-mTransfers the content of user’s home directory to a new directory
-mSpecifies user’s new login shell.
-uSets the new numerical value of the user’s UID
-UIt unlocks a user’s password

Usermod command Examples

Now let us check how to use usermod command with a few practical examples.

Add a user to a group

Perhaps the most widely used function of the usermod command is adding a user to a group. When a user account is created, the user by default is added to the primary group. The primary group will have the same name as the user. Any other group is called the secondary group. A user can belong to only one primary group and one or more secondary groups.

To add an existing user to a secondary group use the -a ( append ) and -G ( group ) options.

Syntax:

usermod -a -G GROUP USER

To add a user to multiple groups, simply list the groups after the -G option separated by a comma with no whitespaces in between.

Syntax:

usermod -a -G GROUP1, GROUP2  USER

The following command add the user named jack to the secondary group named developers:

usermod -a -G developers jack 
adding user to a group

Note: To create a group you can use groupadd command.

You can verify by checking the following command:

groups jack

The primary group is listed first after the username and the secondary group name comes next.

You may also use the same command to add a user to sudo group, just replace group name with sudo:

usermod -aG sudo jack
adding user to sudo group

You can see from the output, the user jack now belongs to two secondary groups: the developers group and the sudo group.

To add ‘jack’ to multiple groups e.g developers and testers( these already exist in our Linux system ) , run the command:

usermod  -aG developers,testers  jack

Change Primary group of the user

Rarely we may need to change the primary group of the user. To change the primary group of a user, use the -g option followed by the group name and the user.

Syntax:

usermod -g GROUP USER

For example to change the primary group of the user named jack to administrators, type:

usermod -g administrators jack
change primary group

Change user default shell

The login shell is the shell that a user drops into once they log in to the Linux system. Typically, the default shell is set to bash.

To check which shell you are using, run the command:

echo $SHELL
check current using shell

The output /bin/sh confirms that we are using the bash shell.

To change a user default login shell, use the -s option followed by the full path of the shell and username.

Syntax:

usermod -s SHELL USER

For example, to change the shell to zsh for the user jack, type:

usermod -s /usr/bin/zsh jack

Change user name

Although not a common operation, you may need to rename an existing user account to your preferred name. For this, we can change the user login name. The home directory still remains the same with the name of the old username.

To change the user login name, use the -l option.

Syntax:

usermod -l NEW_USERNAME EXISTING_USER

For example, to rename the user account named called jack to mike, type:

usermod -l mike  jack 
change user name

You can verify by checking /etc/passwd file and filtering the user using the grep command. However, the home directory name still remains the same.

The discrepancy between the login name and the login home directory has the tendency to cause confusion. For this reason, it is recommended to change the home directory of the user which we shall look at shortly.

Change user home directory

To change a user's home directory, use the -d option followed by the full path of the user home directory and username.

Syntax:

usermod -d HOME_DIR USER

To change the home directory for the user named mike to /home/mikedata, type:

usermod -d /home/mikedata mike
change user home directory

By default, the command doesn't transfer the contents of the previous home folder to your new home directory. To migrate the contents of the user home directory, use the -m option followed by the user account name.

Syntax:

usermod -d HOME_DIR -m USER

Change User UID

When a new user is created, the Linux system assigns them a unique user identifier known as the UID (Unique Identifier). The UID is what the system uses to reference users on a Linux system. To change the user's numerical UID, invoke the -u option followed by the UID and the name of the user.

Syntax:

usermod -u UID USER

For example to change a UID of the user name mike from 1003 to 1010 , type:

usermod -u 1010 mike
change user UID

For the files owned by the user and located in the user's home directory, the UID will apply. The same holds true for the user’s mailbox file. However, ownership of the user files has to be manually changed.

Change User information

The usermod command also allows you to change the value of the user's comment field (/etc/passwd file) using the -c option.

For example to change the comment filed value to Test user for the user mike, type:

usermod -c "Test user" mike

You can verify by checking the /etc/passwd file by using the following command:

cat /etc/passwd | grep -i mike
change user comment field

Lock and unlock a user account

You can use usermod or chage command to lock or unlock user accounts in Linux.

Using usermod, to lock user account use the -L option. In the following command, we are locking the account belonging to user mike:

usermod -L mike
lock user account

When a user account is locked,  the encrypted user password in the /etc/shadow file is preceded by an exclamation mark. This renders the user's password inactive, effectively disabling the user's ability to log in using password authentication. However, the user can still access the system, using other authentication methods such as SSH key-pair authentication.

To effectively lock out the user, you also need to disable all the authentication methods and configure the account expiry date to 1.

usermod -L -e 1 mike

To unlock a locked user account, use the -U option. This removes the exclamation mark from the user's encrypted password. Therefore, to unlock user account named mike, type:

usermod -U mike

Once the user account is unlocked, the user can log in using the same password.

unlock user account

Set user expiry date

A user's expiry date refers to the day that the account will be disabled. As the password expires, effectively user won't be able to log in.

Syntax:

usermod -e DATE USER

The expiry date is specified using the YYYY-MM-DD format.

Setting an expiry date effectively disables the user from logging in once the expiry date is reached. The following example disables a user called mike on 2022-04-10:

usermod -e "2022-04-10" mike
set expiry date for a user

Users' expiration date is stored in the /etc/shadow file.

To undo this, set an empty expiry date with double quotation marks with nothing in between.

usermod -e " " mike

To get a better view of the user's expiry date, use the following chage -l command:

chage -l mike
check user expiry date using chage

Conclusion

In this tutorial, we learned how to use usermod command to modify user account settings. We can perform a wide range of user account management tasks using this command.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment