usermod Command in Linux [With Examples]

Written by: Linuxopsys   |   Last updated: August 8, 2023

The usermod command is used in Linux to modify user accounts after it is created. It supports many options to alter the attributes of accounts. While adduser or useradd commands are used to create new user accounts, usermod is solely used to make changes.

In this tutorial, we learn about usermod command in Linux with examples.

Syntax

The basic syntax of usermod:

usermod [OPTIONS] USERNAME

Where OPTIONS determine what properties of the user account have to be modified.

Options and description

Here we have listed some of the useful options of usermod.

  • -m, --move-home : Move users home directory.
  • -d, --home HOME_DIR : Specify new home directory location. Commonly used with -m option to move a user's home direction to a new location.
  • -g, --gid GROUP : Change the users primary group
  • -G, --groups GROUP1,GROUP2,... : Specify the supplementary group a user member of.
  • -a, --append : Add user to the group specified by -G.
  • -l, --login NEW_LOGIN : Rename user account.
  • -L, --lock : Lock user account.
  • -U : Unlock user account.
  • -e, --expiredate EXPIRE_DATE : Set user account expiration date.
  • -c, --comment COMMENT : Set a new value for the comment field.
  • -s, --shell SHELL : Change the current shell.
  • -p, --password PASSWORD : Set an encrypted password for the user account.

Common Use-Cases and Examples

Let's discuss some of the common use cases of usermod command with examples.

Change a user’s home directory

Based on different situations ( such as running out of space, migrating new disk, new directory structure) system administrator has to change the user's home directory.

The usermod command allows changing the user's home directory with a combination of -d and -m options. Where -d specify the new home directory and -m move the content from the current directory to the new directory.

Let's look into an example:

sudo usermod -d /mnt/home/bob -m bob
change user's home directory using -d and -m option

This command changes the current home directory of the user named bob to the /mnt/home directory. It moves all the contents and also changes the record in /etc/passwd file.

This move operation makes sure the destination directory gets the same permissions and ownership of the source.

Modifying a user’s primary group

Files created by the user are generally owned by their primary group. You can modify a user's primary group using -g option with usermod.

Syntax:

usermod -g new_primary_group username

Example

sudo usermod -g thomas tom
change user's primary group

Here we have changed the primary group of user "tom" to "thomas". After changing you can verify a user primary group using the id -gn tom command.

Adding a user to supplementary group

The supplementary (secondary) group gives additional permissions without changing the primary group of a user. For adding a user to one more groups use -aG option with usermod command. Where -G specifies the list of supplementary groups the user will belong to and -a tells usermod to append user to the given group.

Syntax:

usermod -aG group1,group2 username

Example:

sudo usermod -aG sudo,devteam bob
add user account bob to sudo and devteam group

This command add the user bob to the sudo and docker groups. After changing you can verify using groups bob command. In the output following colon shows the groups the user belongs to - the first name is the primary group and the following are the supplementary group names.

Rename a user account

To rename a user account use -l option with usermod. This makes sure the username and all appropriate permissions and groups are changed as well.

Syntax:

usermod -l new_username old_username

Example:

sudo usermod -l bobnew bob
rename a user account using usermod

This command rename the user account bob to bobnew. Ensure the user is not logged in when you rename it.

Locking and unlocking user accounts

Locking user accounts prevents users from logging into the system. This is usually done by system administrators when user employee departures, security concerns, etc. The usermod -L and -U option can be used to lock and unlock user accounts respectively.

Example:

sudo usermod -L bob
lock a user account using usermod

This command locks (prevent password-based logins) the user account named bob. The locked account would have '!' prefix to the encrypted password in its record in /etc/shadow file.

Remember: The locked password still can be accessed if you have other authentication mechanisms such as SSH keys. To make a stronger measure you can use usermod -L -e 1 username, this will immediately lock and set the account expired for the user account.

To unlock the account, use the following command

sudo usermod -U bob

This unlocks the user account named bob.

Changing a user’s shell

The user's shell is the command line interface a user interacts with when logging in. There are many shells available such as bash, sh, csh, zsh, etc. You can use -s option with usermod command to modify a user's login shell.

Example:

sudo usermod -s /bin/dash tom
change shell of user account tom to /bin/dash

This command changes the current login shell of user bob from /bin/sh to /bin/bash. You can verify by checking the user record in /etc/passwd file.

Setting an account expiration date

The account expiration is the date after the account become inactive but all the records and files will remain. Use -e option following the expiration date in YYYY-MM-DD format will set the specified user account to expire.

Example:

sudo usermod -e 2023-08-15 bob
set user account expiration date

This usermod command set the user account of bob to expire on 15th August 2023. You can verify it using the chage -l bob command.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment