usermod Command in Linux with Examples

In my previous article, I had explained how to create a new user in Linux. Today you will learn how to modify an existing user account in Linux using the usermod command.

usermod stands for “User Modification”.

As a Linux Administrator, many times you get requests for modifications in existing User such as change the primary group of the user, add a user to one/multiple supplementary groups, change login name, Lock or Unlock an account, change the Home directory, change UID or GID and so on.

You have to run the usermod command as a root user because upon running this command, it makes changes to the following important configuration files whose owner is root.

  • /etc/passwd
  • /etc/shadow
  • /etc/gshadow
  • /etc/group

Key features of usermod command:

  • Set new User ID(UID) for the user account
  • Can set new Primary group for the existing user account
  • Lock and Unlock the account
  • Add user to Single/Multiple Secondary/supplementary groups
  • Change login name of an existing user account
  • Set custom comments
  • Change Home directory of an existing user account
  • Move contents of the current home directory to a new home directory
  • Set new login shell for the existing user account
  • Append user to new supplementary groups without removing the user from other groups.
  • Set user account expiration date
  • Set unencrypted password for the user account

First of all, let’s focus on some of the most important options that we can use with the usermod.

OptionsExplanation
-c --commentSet custom comment for a user account
-d --homeNew home directory for the user account
-e, --expiredateset account expiration date
-g, --gidForce use GROUP as new primary group
-G, --groupsNew list of supplementary GROUPS
-a, --appendAppend the user to the supplemental GROUPS mentioned by the -G option without removing the user from other groups
-m, --move-homeMove contents of the home directory to the new location (use only with -d)
-p, --passwordSet Unencrypted for a user account
-s, --shellNew login shell for the user account
-u, --uidNew UID for the user account
-l, --loginNew value of the login name
-L, --lockLock the user account
-U, --unlockUnlock the user account
--helpDisplay help page of usermod Command.

You must follow the syntax given below to use the usermod command.

usermod [options] LOGIN

1. Change User’s Home Directory

The useradd command refers to two files to create a new user and that is /etc/login.defs and /etc/default/useradd.

These files contain some of the user’s default settings such as the user home directory, the default login shell, etc.

That’s why in Linux by default, a new user’s home directory is created inside /home.

In this example, as you can see, the home directory of a user named ayush is /home/ayush.

# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/home/ayush:/bin/sh

To set a new home directory for the user pass the -d option to the usermod command.

In this example I am changing the user’s home directory from /home/ayush to /accounts/ayush.

# usermod -d /accounts/ayush ayush

Type the following command to verify whether a new directory is set.

# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/accounts/ayush:/bin/sh

2. Move the content of the user’s home directory

The above command will only change the user’s home directory but will not transfer the user’s content.

You can change the home directory with the user’s content by using the -m option with usermod.

as you can see, the home directory of a user named ayush is /home/ayush.

# cat /etc/passwd | grep ayush
ayush:x:1120:1006:Ayush Balamukunda Sahu:/home/ayush:/bin/bash

Following command will move the home directory to /accounts/ayush with the user’s content.

# usermod -d /accounts/ayush -m ayush

3. Set account expiration date

To modify an existing user’s account expiration date use the -e option with the usermod command.

Here in this example, the current account expiry date of a user named ayush is Jan 01, 2021.

# chage -l ayush
Last password change					: Feb 04, 2021
Password expires					: never
Password inactive					: never
Account expires						: Jan 01, 2021
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

To modify the expiration date pass the -e option to usermod. The date format you need to follow is YYYY-MM-DD.

In this example I am changing the account expiration date to Feb 04, 2021.

# usermod -e 2021-02-04 ayush

As you can see the account expiration date has changed.

# chage -l ayush
Last password change					: Feb 04, 2021
Password expires					: never
Password inactive					: never
Account expires						: Feb 04, 2021
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

4. Change User’s default Login Shell

Linux’s default login shell may vary by distribution.

Right now I am using RHEL 8 in which the default login shell of the user is /bin/sh.

As you can see the default login shell of the user named ayush is /bin/sh.

# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/accounts/ayush:/bin/sh

To change the default login shell pass the -s option to the usermod command. In this example, I am changing the login shell from /bin/sh to /bin/bash.

# usermod -s /bin/bash ayush

Type the following command to check the result.

# cat /etc/passwd | grep ayush
ayush:x:1110:1108:Ayush Balamukunda Sahu:/accounts/ayush:/bin/bash

5. Set custom comment for a user account

To set a custom comment for a user account use the -c option with the usermod command.

# usermod -c "Ayush Balamukunda Sahu" ayush

Type the following command to check the result.

# cat /etc/passwd | grep  ayush
ayush:x:1108:1108:Ayush Balamukunda Sahu:/home/ayush:/bin/sh

6. Lock a user’s password

To lock a user’s password use the -L option with usermod.

In this example, I am locking the password for the user named ayush.

# usermod -L ayush

Type the following command to check whether the user’s password is locked.

If you notice, the encrypted password has an exclamation mark (!) in front of it that confirms that the user’s password is in a locked state.

# cat /etc/shadow | grep  ayush
ayush:!$6$CWccMhl1UHqKQ5zX$Uthk2h7.l1zma7irpFp3SoAhDnaZ5/doa1uHornq8fnEcMNiTBG03PkTAZudwXPvQt1RBjpxMnAuTuw.Tanon0:18662:0:99999:7:::
To lock an user's password

But such a lock will allow switching to the user or key-based authentication for the user.

Type the following command to lock completely.

# usermod -L -e 1 ayush

7. Unlock a user’s password

To Unlock a user’s password use the -U option with the usermod command.

This command unlocks the user’s password by removing the exclamation mark (!) before the encrypted password.

# usermod -U ayush

8. Set Unencrypted Password for a user account

Issue the following command to set the unencrypted password for a user.

Here I am setting the unencrypted password for a user named ayush.

# usermod -p System@123 ayush

Type the following command to check the result.

# cat /etc/shadow | grep ayush
ayush:System@123:18662:0:99999:7:::

9. Change user’s Primary Group

To change the primary group(GID) of an existing user pass the -g option to usermod command.

Currently, the primary group ID of a user named ayush is 1108.

Note: You can use the id command to print User and Group information for the specified User, OR for the current User.

# id ayush
uid=1110(ayush) gid=1108(ayush) groups=1108(ayush)

The following command will change the user’s primary group ID(GID) from 1108 to 1006.

Note: You can also type Group ID instead of Group Name.

# usermod -g group1 ayush

Run the following command to check whether the Group ID has changed.

# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1)

10. Adding a user to multiple groups

To add a user to multiple Secondary/Supplementary groups pass the -G option to the usermod command.

Currently, the user named ayush is not a member of any secondary group.

# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1)

The following command will add the user to groups named group2, group3, group4, group5.

# usermod -G group2,group3,group4,group5 ayush

Type the following command to check the result.

# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)

Another option comes with the usermod command which helps add users to Supplementary groups and that option is -a.

Then what is the difference between option -G and -a.

Let’s try to understand with the help of a Scenario.

Right now I have a user named ayush who is a member of secondary groups named group2, group3, group4, group5.

# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)

Now I want to make this user a member of the group6 without leaving any existing group.

Can this be possible using the option -G. Let’s see.

# usermod -G group6 ayush

Result:

As you can see, ayush is currently a member of group6 and has been removed from all other groups.

# id ayush
uid=1120(ayush) gid=1006(group1) groups=1006(group1),1109(group6)

We have to use both options -a and -G together to complete the task.

# usermod -aG group6 ayush

Result:

# id ayush
uid=1120(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5),1109(group6)

11. Change user’s Login Name

The login name of a user can be changed by using the usermod command.

To do this use the -l option with usermod.

In this example, I am changing the login name of a user named ayush.

# id ayush
uid=1108(ayush) gid=1108(ayush) groups=1108(ayush)

The following command will change the existing login name i.e. ayush to sysadmin.

# usermod -l sysadmin ayush

Because we have changed the login name of the user, let’s try to access the details of the old name through the id command.

# id ayush
id: ‘ayush’: no such user

And as expected id command could not find any user named ayush but user information can be accessed under the new name.

# id sysadmin
uid=1108(sysadmin) gid=1108(ayush) groups=1108(ayush)

12. Set new User ID (UID) for the User account

To set a new user ID (UID) for a user account use the -u option with the usermod command.

# id ayush
uid=1110(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)

The following command will change the existing User ID (UID) i.e. 1110 to 1120.

# usermod -u 1120 ayush

Type the following command to check the result.

# id ayush
uid=1120(ayush) gid=1006(group1) groups=1006(group1),1007(group2),1008(group3),1009(group4),1010(group5)

13. Help/Manual page access

Use the following commands to access the Manual Page/Help Page of usermod command.

# man usermod
# man --help

You can visit at following websites to get more information on usermod.

Conclusion

I hope you have learned something from this article and you may have found that usermod is a very important command in Linux.

I have tried my best to include all the features of usermod command in this guide.

Now I’d like to hear your thoughts.

Was this guide useful to you?

Or maybe you have some queries.

Have I not included any command in this guide?

Leave a comment below.

If you like our content, please consider buying us a coffee.

Buy Me A Coffee

We are thankful for your never ending support.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.