usermod Command in Linux
The usermod command is a simple utility in Linux environments that is employed to update existing user accounts by altering attributes such as usernames, group membership, shells, home directories, and password policies.
In contrast to useradd, which adds new users, usermod enables administrators to customize user settings to meet security policies and organizational requirements. Whether altering privileges, updating account information, or establishing access limitations, usermod is a critical utility for Linux system administrators.
Table of Contents
Here is a comprehensive guide to the options available with the usermod command â
Syntax of usermod Command
The basic syntax of usermod follows this structure â
usermod [options] username
Where,
- [options] â Defines the attributes to be modified.
- username â Specifies the existing user account for changes.
usermod Command Options
The usermod command supports multiple options for modifying user accounts. Below are the most commonly used options â
| Options | Description |
|---|---|
| -a, --append | Adds the user to the specified supplementary groups without removing them from their current groups. |
| -b, --badname | Allows usernames that do not conform to standard naming rules. |
| -c, --comment COMMENT | Updates the GECOS field, which contains additional user information such as their full name, office number, or phone number. |
| -d, --home HOME_DIR | Changes the home directory of the user to the specified location. |
| -e, --expiredate EXPIRE_DATE | Sets the expiration date for the user account, preventing access after the given date. |
| -f, --inactive INACTIVE | Defines how many days after a password expires the account should become inactive. |
| -g, --gid GROUP | Assigns a new primary group to the user. |
| -G, --groups GROUPS | Specifies a list of supplementary groups to which the user should be added. |
| -h, --help | Displays help documentation about the command and exits. |
| -l, --login NEW_LOGIN | Changes the username for an existing user account. |
| -L, --lock | Locks the user account, preventing login until it is unlocked. |
| -m, --move-home | Moves all contents from the user's current home directory to a new location (must be used with -d). |
| -o, --non-unique | Allows the use of duplicate UIDs when assigning a new UID to the user account. |
| -p, --password PASSWORD | Updates the user's password using an already encrypted password string instead of setting a new one manually. |
| -P, --prefix PREFIX_DIR | Specifies an alternative directory where /etc/* configuration files are stored for managing system accounts. |
| -r, --remove | Removes the user only from the specified supplementary groups, keeping their primary group unchanged. |
| -R, --root CHROOT_DIR | Executes the usermod command inside a chroot environment, useful for containerized environments. |
| -u, --uid UID | Changes the default login shell for the user (e.g., /bin/bash, /bin/zsh). |
| -U, --unlock | Unlocks a previously locked user account, restoring login access. |
| -v, --add-subuids FIRST-LAST | Adds a range of subordinate UIDs to the user, often used in container environments. |
| -V, --del-subuids FIRST-LAST | Removes a range of subordinate UIDs from the user. |
| -w, --add-subgids FIRST-LAST | Adds a range of subordinate GIDs to the user, useful in managing multi-level permissions. |
| -W, --del-subgids FIRST-LAST | Deletes a range of subordinate GIDs assigned to the user. |
| -Z, --selinux-user SEUSER | Updates the SELinux security context mapping for the user account, ensuring compliance with security policies. |
Examples of usermod Command in Linux
Let's explore a few practical examples of usermod command on Linux environment â
- Changing a User's Home Directory and Moving Files
- Changing a User's Default Shell
- Adding a User to Multiple Groups Without Removing Current Memberships
- Changing a User's UID While Keeping File Ownership
- Changing a User's Username
- Moving a User to a New Primary Group
Changing a User's Home Directory and Moving Files
When a user's home directory needs to be relocated, all files must be transferred to the new directory to maintain seamless access. Instead of manually copying files, usermod allows automatic migration using the -d and -m flags.
To change the home directory and ensure files are moved correctly â
sudo usermod -d /home/newuser -m olduser
The -d option assigns a new home directory (/home/newuser) for the user. The -m flag moves all files from /home/olduser/ to /home/newuser/, ensuring data continuity.
Changing a User's Default Shell
Certain users, especially developers or system administrators, may prefer different shells such as Zsh, Fish, or Dash over the default Bash shell.
To update the user's login shell, run â
sudo usermod -s /bin/zsh developer_mike
The -s flag modifies the default shell, ensuring /bin/zsh loads upon login.
Adding a User to Multiple Groups without Removing Current Memberships
Users often require additional group memberships to access various services, such as Docker, Sudo, or Developer environments. The -G flag assigns multiple groups, while -a ensures existing memberships remain intact.
To append a user to new groups without losing their current assignments â
sudo usermod -aG docker,sudo analyst_jane
The -a flag preserves existing group memberships instead of replacing them. The -G flag specifies additional groups, expanding access privileges.
Changing a User's UID While Keeping File Ownership
When altering system user identity checks, it's important to ensure that user IDs (UIDs) are consistent across different Linux servers. This ensures that file access remains uniform no matter which server is used.
To change a user's UID while retaining file ownership â
sudo usermod -u 1055 data_admin
The -u flag assigns a new UID, helping maintain uniform authentication credentials.
Changing a User's Username
When you want to change the name of a user account, it's crucial to make sure that file access and login details stay the same. Instead of making an entirely new user account, administrators can use usermod command. It allows them to update usernames while ensuring that all current settings and permissions remain unchanged.
sudo usermod -l new_username old_username
The -l flag modifies the login name, effectively renaming the user. All files and permissions remain intact, preventing disruption in access.
Moving a User to a New Primary Group
Each Linux user belongs to a main group that determines which files they can access. When a user's role or job changes, their main group should be updated to align with their new tasks and responsibilities. This ensures that they have the correct access permissions needed for their work.
sudo usermod -g engineers dev_john
The -g flag assigns a new primary group, changing the user's group ownership on default-created files.
Conclusion
The usermod command plays a crucial role in modifying Linux user accounts efficiently, ensuring smooth transitions when updating group memberships, home directories, shells, UID assignments, and account expiration settings.
Using structured options in usermod ensures controlled access management, preventing unauthorized login attempts, improving security enforcement, and maintaining a streamlined system configuration. Mastering usermod enables administrators to manage user modifications dynamically while ensuring compliance with system policies.