In my previous article, I had explained how to create a new user in Linux. Today you will learn how to modify an existing user account in Linux using the usermod command.
usermod
stands for “User Modification”.
As a Linux Administrator, many times you get requests for modifications in existing User such as change the primary group of the user, add a user to one/multiple supplementary groups, change login name, Lock or Unlock an account, change the Home directory, change UID or GID and so on.
You have to run the usermod command as a root user because upon running this command, it makes changes to the following important configuration files whose owner is root.
- /etc/passwd
- /etc/shadow
- /etc/gshadow
- /etc/group
Table of Contents
Key features of usermod command:
- Set new User ID(UID) for the user account
- Can set new Primary group for the existing user account
- Lock and Unlock the account
- Add user to Single/Multiple Secondary/supplementary groups
- Change login name of an existing user account
- Set custom comments
- Change Home directory of an existing user account
- Move contents of the current home directory to a new home directory
- Set new login shell for the existing user account
- Append user to new supplementary groups without removing the user from other groups.
- Set user account expiration date
- Set unencrypted password for the user account
First of all, let’s focus on some of the most important options that we can use with the usermod
.
Options | Explanation |
---|---|
-c --comment | Set custom comment for a user account |
-d --home | New home directory for the user account |
-e, --expiredate | set account expiration date |
-g, --gid | Force use GROUP as new primary group |
-G, --groups | New list of supplementary GROUPS |
-a, --append | Append the user to the supplemental GROUPS mentioned by the -G option without removing the user from other groups |
-m, --move-home | Move contents of the home directory to the new location (use only with -d) |
-p, --password | Set Unencrypted for a user account |
-s, --shell | New login shell for the user account |
-u, --uid | New UID for the user account |
-l, --login | New value of the login name |
-L, --lock | Lock the user account |
-U, --unlock | Unlock the user account |
--help | Display help page of usermod Command. |
You must follow the syntax given below to use the usermod
command.
usermod [options] LOGIN
1. Change User’s Home Directory
The useradd command refers to two files to create a new user and that is /etc/login.defs
and /etc/default/useradd
.
These files contain some of the user’s default settings such as the user home directory, the default login shell, etc.
That’s why in Linux by default, a new user’s home directory is created inside /home
.
In this example, as you can see, the home directory of a user named ayush is /home/ayush
.
# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/home/ayush:/bin/sh
To set a new home directory for the user pass the -d
option to the usermod
command.
In this example I am changing the user’s home directory from /home/ayush
to /accounts/ayush
.
# usermod -d /accounts/ayush ayush
Type the following command to verify whether a new directory is set.
# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/accounts/ayush:/bin/sh
2. Move the content of the user’s home directory
The above command will only change the user’s home directory but will not transfer the user’s content.
You can change the home directory with the user’s content by using the -m
option with usermod
.
as you can see, the home directory of a user named ayush is /home/ayush
.
# cat /etc/passwd | grep ayush
ayush:x:1120:1006:Ayush Balamukunda Sahu:/home/ayush:/bin/bash
Following command will move the home directory to /accounts/ayush
with the user’s content.
# usermod -d /accounts/ayush -m ayush
3. Set account expiration date
To modify an existing user’s account expiration date use the -e
option with the usermod command.
Here in this example, the current account expiry date of a user named ayush is Jan 01, 2021.
# chage -l ayush
Last password change : Feb 04, 2021
Password expires : never
Password inactive : never
Account expires : Jan 01, 2021
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
To modify the expiration date pass the -e
option to usermod
. The date format you need to follow is YYYY-MM-DD.
In this example I am changing the account expiration date to Feb 04, 2021.
# usermod -e 2021-02-04 ayush
As you can see the account expiration date has changed.
# chage -l ayush
Last password change : Feb 04, 2021
Password expires : never
Password inactive : never
Account expires : Feb 04, 2021
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
4. Change User’s default Login Shell
Linux’s default login shell may vary by distribution.
Right now I am using RHEL 8 in which the default login shell of the user is /bin/sh
.
As you can see the default login shell of the user named ayush is /bin/sh
.
# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/accounts/ayush:/bin/sh
To change the default login shell pass the -s
option to the usermod
command. In this example, I am changing the login shell from /bin/sh
to /bin/bash
.
# usermod -s /bin/bash ayush
Type the following command to check the result.
# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/accounts/ayush:/bin/bash
5. Set custom comment for a user account
To set a custom comment for a user account use the -c
option with the usermod
command.
# usermod -c "Ayush Balamukunda Sahu" ayush
Type the following command to check the result.
# cat /etc/passwd | grep ayush
ayush:x:1108:1108:Ayush Balamukunda Sahu:/home/ayush:/bin/sh
6. Lock a user’s password
To lock a user’s password use the -L
option with usermod
.
In this example, I am locking the password for the user named ayush.
# usermod -L ayush
Type the following command to check whether the user’s password is locked.
If you notice, the encrypted password has an exclamation mark (!
) in front of it that confirms that the user’s password is in a locked state.
# cat /etc/shadow | grep ayush
ayush:!$6$CWccMhl1UHqKQ5zX$Uthk2h7.l1zma7irpFp3SoAhDnaZ5/doa1uHornq8fnEcMNiTBG03PkTAZudwXPvQt1RBjpxMnAuTuw.Tanon0:18662:0:99999:7:::
But such a lock will allow switching to the user or key-based authentication for the user.
Type the following command to lock completely.
# usermod -L -e 1 ayush
7. Unlock a user’s password
To Unlock a user’s password use the -U
option with the usermod
command.
This command unlocks the user’s password by removing the exclamation mark (!
) before the encrypted password.
# usermod -U ayush
8. Set Unencrypted Password for a user account
Issue the following command to set the unencrypted password for a user.
Here I am setting the unencrypted password for a user named ayush.
# usermod -p System@123 ayush
Type the following command to check the result.
# cat /etc/shadow | grep ayush
ayush:System@123:18662:0:99999:7:::
9. Change user’s Primary Group
To change the primary group(GID) of an existing user pass the -g
option to usermod command.
Currently, the primary group ID of a user named ayush
is 1108
.
Note: You can use the id command to print User and Group information for the specified User, OR for the current User.
# id ayush
uid=1110(ayush) gid=1108(ayush) groups=1108(ayush)
The following command will change the user’s primary group ID(GID
) from 1108
to 1006
.
Note: You can also type Group ID instead of Group Name.
# usermod -g group1 ayush
Run the following command to check whether the Group ID has changed.
# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1)
10. Adding a user to multiple groups
To add a user to multiple Secondary/Supplementary groups pass the -G
option to the usermod
command.
Currently, the user named ayush is not a member of any secondary group.
# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1)
The following command will add the user to groups named group2, group3, group4, group5.
# usermod -G group2,group3,group4,group5 ayush
Type the following command to check the result.
# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)
Another option comes with the usermod
command which helps add users to Supplementary groups and that option is -a
.
Then what is the difference between option -G
and -a
.
Let’s try to understand with the help of a Scenario.
Right now I have a user named ayush who is a member of secondary groups named group2, group3, group4, group5.
# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)
Now I want to make this user a member of the group6 without leaving any existing group.
Can this be possible using the option -G
. Let’s see.
# usermod -G group6 ayush
Result:
As you can see, ayush is currently a member of group6 and has been removed from all other groups.
# id ayush
uid=1120(ayush) gid=1006(group1) groups=1006(group1),1109(group6)
We have to use both options -a
and -G
together to complete the task.
# usermod -aG group6 ayush
Result:
# id ayush
uid=1120(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5),1109(group6)
11. Change user’s Login Name
The login name of a user can be changed by using the usermod command.
To do this use the -l
option with usermod
.
In this example, I am changing the login name of a user named ayush.
# id ayush
uid=1108(ayush) gid=1108(ayush) groups=1108(ayush)
The following command will change the existing login name i.e. ayush to sysadmin.
# usermod -l sysadmin ayush
Because we have changed the login name of the user, let’s try to access the details of the old name through the id
command.
# id ayush
id: ‘ayush’: no such user
And as expected id
command could not find any user named ayush but user information can be accessed under the new name.
# id sysadmin
uid=1108(sysadmin) gid=1108(ayush) groups=1108(ayush)
12. Set new User ID (UID) for the User account
To set a new user ID (UID) for a user account use the -u
option with the usermod
command.
# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)
The following command will change the existing User ID (UID) i.e. 1110 to 1120.
# usermod -u 1120 ayush
Type the following command to check the result.
# id ayush
uid=1120(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)
13. Help/Manual page access
Use the following commands to access the Manual Page/Help Page of usermod
command.
# man usermod
# man --help
You can visit at following websites to get more information on usermod
.
Conclusion
I hope you have learned something from this article and you may have found that usermod
is a very important command in Linux.
I have tried my best to include all the features of usermod command in this guide.
Now I’d like to hear your thoughts.
Was this guide useful to you?
Or maybe you have some queries.
Have I not included any command in this guide?
Leave a comment below.