The usermod command modifies the system account files to reflect the changes that are specified on the command line. OPTIONS The options which apply to the usermod command are: -a, -append Add the user to the supplementary group. Updating comments or descriptions. By default, when we create a user from the useradd command.
Linux provides usermod
command by default for the most of the distributions. This command is used to user modification. After user creation the user related information, values and policies can be changed with usermod command. In this tutorial we will look various features of usermod command with examples.
Syntax of the usermod command is like below.
User information is stored in a file named passwd
. This file is located as /etc/passwd
. In the ancient days of Linux and Linux this file is also used to store users password. But storing user information and user credential created security problems and passwords are stored in a separate file named shadown
in the same directory etc
.
There is a columns used to store information about the user. This information can be anything like First name, surname, the birthday etc.
We have set the comment for the user ismail as İsmail Baydan
. We can check the modification with grep command by filtering line contains the user name ismail.
Human users generally have home directory for storing data, file, media etc for their personal or corporate usage. This home directory is generally reside in /home
in Linux root file system.
For example user ismail
will have the /home/ismail
directory as his own home directory for the most the Linux systems. This value can be changed after creation for some reasons like we need to set and application folder for an application user like apache
.
In this example we will change the home directory of user nick
. We will set /mnt
as nick’s home directory like below.
As we can see from grep command output column number 6 is /mnt
which is nick’s new home directory.
Some users are generally created in a hurry for temporary usage and than they forgotten and resides in the system as an active account. This is an security vulnerability and should be avoided with practical solution. One of the action to take to prevent this security issue is setting account expiry date for required accounts. Expire date will be specified in YYYY-MM-DD
format as 2017-02-28
in this example for the user nick
And we will check the account expire date with the following command for the user nick.
As like in the Windows operating systems in Linux operating systems user accounts are associated with groups. There are two type of user group. First type is primary group and each user account have single primary user group. Other type of group is secondary groups where each user may have more than one group. Primary groups of existing users can be changed with usermod command easily.
Previously we have printed the user group. Now we will change the user primary group more detailed information about primary group can be found previous example.
In this example we will add user nick to the root group.
There is two type of supplementary or secondary group addition. First we will specify the supplementary groups for the user and previous supplementary group memberships of the user will be removed if old groups do not presented. Which simply means the user will have only specified groups and all old groups will be reset.
And the second way we will add new supplementary groups to the user but old groups will be preserved. For his operations we will use extra option -a
like below.
User accounts have login names to authentication themselves. In Linux operations systems users are identified by their user ID’s. User names are used an easy way to remember and use. So A user account user ID can not be changed after creation but the user name can be changed easily. In this example we will change user name nick
to the nick1
with option -l
.
Some times we may need to lock some users for various reasons like security, holiday, test etc. User locking means the account will be inactive up to unlock operations and will be no user login for this period. In this example we will lock user nick1
with the -L
option.
As we can see from screenshot in the shadow file a !
is added which simply symbolize the account is locked.
Now in the previous example we have locked the account and we want to unlock the account named nick1. Simply provide -U
options to the usermod command like below.
In Linux user accounts are associated with shells. Shell is the application which interface with user and operating system. There are different type of shells used in Linux community. But the most popular shell is bash
and generally used for most Linux distributions. This default shell for the user account can be changed with -s
options.
In this example we will change the shell of user account nick1 with sh
shell.
User id of and account can be changed too. This change operation is done with -u
option like below. In this example we will change the user nick1 user ID to the 1234
.
This tutorial explains how to use the usermod command in Linux step by step with 15+ practical examples. Learn how the usermod command is used to add user to group, change username, remove user from group, change shell, lock and unlock user account, change group and change home directory.
The usermod command in Linux is used to manage user properties at command line. The syntax of the usermod command is following: -
Following table lists important options with description.
Short option | Long option | Description |
-g | --gid | Used to change user’s primary group |
-G | --groups | Used to change user’s secondary groups. If used individually, will replace user’s existing groups with supplied groups. If you want to add user in supplied groups without removing him from existing group, use -a option along with this option. |
-a | --append | Used with –G option to add user in supplied group or groups. |
-c | --comment | Used to update description field. |
-d | --home | Used to change home directory. |
-m | --move-home | Used to create a new home directory and move all the contents from current directory to new directory. |
-s | --shell | Used to update the login shell |
-l | --login | Used to change the login name |
-L | --lock | Used to lock the account |
-U | --unlock | Used to unlock the account |
In order to understand these options in detail with example, let’s create a user named rhcestudent with default properties.
Following figure shows above commands with output and description.
The useradd command without any options adds a new user account with default setting. The passwd command sets and updates password for user. The grep command search specified pattern in supplied source.
We used grep command, to search and view the user’s default properties. To learn how to use grep command in detail, see this tutorial.
It explains the grep command and its usages with practical examples.
To understand how the user database files are formatted and how users are created, please see the previous parts of this tutorial.
This tutorial is the fifth part of the tutorial “Linux user and group management step by step explained with practical examples”. The other parts of this tutorial are following: -
This tutorial is the first part of the article. It explains what a user account is and how it is managed in the Linux system.
This tutorial is the second part of article. It explains the /etc/passwd file and how it is formatted in detail.
/etc/shadow file in Linux Explained with ExamplesThis tutorial is the third part of article. It explains the /etc/shadow file and how it is formatted in detail.
This tutorial is the fourth part of the article. It explains how to create users in Linux at command prompt step by step.
The usermod command practical examples
Above, we have added a test user account named rhcestudent with default properties. Now let’s update or change his properties with the usermod command.
Updating comments or descriptions
By default, when we create a user from the useradd command, it is created without any description or comment. While creating the user account, we can force the useradd command to add the supplied description with -c option or we can add it with the usermod command later.
In previous part of this tutorial, we have seen the example of adding comment while creating the user account. In this part, let’s learn how to add or update it once the user account is created.
To add or update description, use -c option. Use quote sign, if description contains white space. For example, to add the description 'Neil Patel' for the user rhcestudent, use following command.
To update the existing description, use the same command again with the new description. For example, following command updates description to 'Neil Barbar' for the user rhcestudent.
Following figure shows both commands with output.
Basically, this option replaces the existing description with the supplied description. Since first time there was no description, so the supplied description was added. In other words, there was a blank description which was replaced by the supplied description. Second time, there was a description, so it was replaced with the supplied description.
Changing user’s login shell
By default, user gets the /bin/bash shell. To change it, supply the absolute path of new shell with -s option. For example following command changes the default shell to tcsh for the user rhcestudent
Locking user account
To temporary lock a user account, use -L option. This option adds an exclamation sign before the user’s encrypted password stored in the file /etc/shadow. During authentication, when login process sees this sign, it does not allow user to login even user has supplied correct password. Let’s understand it with example.
Switch to any CLI terminal and login from your test user account.
Now lock your test user’s account with –L option. For example, use following command to lock the account of user rhcestudent.
Following figure shows above command along with the user’s password entry.
Once account is locked, try to login again. This time login request will be rejected with a generic message 'Login is incorrect'.
Unlocking user account
To unlock the locked account, use –U option. For example, to unlock the account of user rhcestudent, uses following command.
Following figure shows user’s password entry before and after this command.
Since this option only removes the exclamation sign placed in front of the encrypted password, it can be used only to unlock the account which is locked by placing an exclamation sing in front of the password.
Once account is unlocked, login process allows user to use his password for login. Let’s login with our test user account again.
This time, not only we are allowed to login but also are informed about the unsuccessful login attempts which we made while account was locked.
Changing home directory
Home directory is the directory where user is placed just after the login by login process. By default it is created in /home directory with the same name as login name. To change it, -d option is used.
For example, following command will configure the directory /userdata/rhcestudent as new home directory for the user rhcestudent.
While using this option, we should remember two important points.
Home directory can be changed only when user is not logged in. If user is logged in, this command will not work.
This command does not create the specified directory. It only replaces the currently configured directory with the new specified directory in user database file (/etc/passwd). We must have to create the specified directory on our own.
Moving user’s home directory
To move user’s home directory, -m option is used. This option creates a new home directory, if not exist, at specified location and moves all contents from current home directory to it. But this option does not update the user database file. To update the user database file, use -d option with this option.
In order to perform all three tasks together; creating of new directory, moving of data from old directory new directory and updating of database file, always use –m option with –d option.
Before we use this option, let’s create a dummy file and folder in current home directory.
Now create a test directory named /userdata and run following command.
Replace the username rhcestudent with the username of your test account.
Second and third commands have been respectively used to verify that new home directory have been created at new location and all data from current home directory has been moved to new home directory.
Following figure illustrates above practice.
Changing primary group
To change a user’s primary group, –g option is used. For example, following command changes the user rhcestundent’s primary group to labuser.
Since this option only updates the user database file, new group must be created manually. Create new primary group, if not already exist, before executing above command.
Following figure shows this exercise step by step.
Changing secondary group
User is added in secondary group as per requirement. There are two ways to update secondary group information; replace and append. To completely replace existing group information with new group information, -G option is used. To add new group information with existing group information, -a option is used along with –G option.
Usermod For Mac Shortcut
Let’s create five dummy groups, to understand both options in detail.
Add user in first three groups. Use –G option to add user in groups.
Verify that user is added in supplied group.
Now add user in remaining two groups.
Check user’s secondary groups again.
Following figure shows above exercise with output.
As we can see in above figure, when we used this command again to add user in remaining groups, user was added in new groups but at the same time it was removed from all existing groups.
Now let’s add user again in remaining groups, but this time use –a option along with –G option.
As we can see in above figure, this time, user was added in new groups along with the existing groups.
Changing login name
Usually changing login name is not recommended, but if require, it can be done with -l option. For example, to replace the login name rhcestudent with saracorner, following command will be used.
Usermod For Mac Commands
Following figure shows this example in detail.
This option only changes the login name, nothing else. In order to reflect this change, if require, we have to rename other properties such as home directory and mail spool manually.
Usermod For Mac Pro
That’s all for this part. In next part, we will learn user password management in detail. For any comment, suggestion or feedback about this tutorial, please mail me. If you like this tutorial, please don’t forget to share it with friends through you favorite social platform.