15+ switches of usermod command with example – Unix/Linux

The Unix/Linux command “usermod” is a useful one to alter the already created user via command line. The command Useradd or adduser is for creating a user in Linux system/server from its command prompt. The basic syntax for creting a user is simply type the username after the command useradd. It will create a user with defined settings. In some situations we need to alter the parameters of a user, in this case we can use the command usermod. See the syntax explained below.

In Unix/Linux the user information are stared in the file /etc/passwd. The important user information are Username, UID(User ID), GID(Group ID), a comment, home directory location, shell details etc. With the command usermod, a lot of switches are available to change those parameters.

Example, you can change the comment of a user in the file /etc/passwd by using the switch “-c” similarly you can change the home directory by using the switch “d”. More details are listed below:

Simply the “usermod” command is used to modify a user account.
Syntax:

# usermod [options] USERNAME

See the default values to compare the usermod output

[[email protected] ~]# useradd me
[[email protected] ~]# grep -w me /etc/passwd
me:x:502:502::/home/me:/bin/bash

Switches with example:

1, -a, –append
Add the user to the supplementary group(s). Use only with the -G option.

2, -c, –comment COMMENT

The new value of the user´s password file comment field. It is normally modified using the chfn(1) utility.
Example:

[[email protected] ~]# usermod -c "I'm usermod" me
[[email protected] ~]# grep -w me /etc/passwd
me:x:502:502:I'm usermod:/home/me:/bin/bash

Comment field changed to “I’m usermod”

3, -d, –home HOME_DIR

The user´s new login directory.
If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist.
Example:

[[email protected] ~]# usermod -d /home/meusermod  me
[[email protected] ~]# grep -w me /etc/passwd
me:x:502:502:I'm usermod:/home/meusermod:/bin/bash

4, -e, –expiredate EXPIRE_DATE

The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.

5, -f, –inactive INACTIVE

The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.

6, -g, –gid GROUP

The group name or number of the user´s new initial login group. The group must exist.
Example:

[[email protected] ~]# usermod -g 0  me
[[email protected] ~]# grep -w me /etc/passwd
me:x:502:0:I'm usermod:/home/meusermod:/bin/bash

7, -G, –groups GROUP1[,GROUP2,…[,GROUPN]]]

A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.
If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.
Example:

[[email protected] ~]# usermod -G crybit  me
[[email protected] ~]# groupmems -g crybit -l
me 

8, -l, –login NEW_LOGIN

The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is changed. In particular, the user´s home directory name should probably be changed manually to reflect the new login name.
Example:

[[email protected] ~]# usermod -l namechange me
usermod: warning: /var/spool/mail/me not owned by me
[[email protected] ~]# grep -w me /etc/passwd
[[email protected] ~]# tail -n2 /etc/passwd
crybit:x:501:501::/home/crybit:/bin/bash
namechange:x:502:0:I'm usermod:/home/meusermod:/bin/bash

Login name changed to “namechange”

9, -L, –lock

Lock a user´s password. This puts a ´!´ in front of the encrypted password, effectively disabling the password. You can´t use this option with -p or -U.
Note: if you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1.
Example:

[[email protected] ~]# usermod -L me
[[email protected] ~]# grep -w me /etc/shadow
me:!$6$E6bjJlI1$Phbo3rhsWNoHBwkRyGgPZV0BBM8.okQyJZifbHNzrGsmBsREmcxfNLv9TrKIX34zA7e3Hv/J0LxzxEIOTTt7n/:16101:0:99999:7:::

10, -U, –unlock
Unlock a user´s password. This removes the ´!´ in front of the encrypted password. You can´t use this option with -p or -L.
Note: if you wish to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from /etc/default/useradd).

[[email protected] ~]# usermod -U me
[[email protected] ~]# grep -w me /etc/shadow
me:$6$E6bjJlI1$Phbo3rhsWNoHBwkRyGgPZV0BBM8.okQyJZifbHNzrGsmBsREmcxfNLv9TrKIX34zA7e3Hv/J0LxzxEIOTTt7n/:16101:0:99999:7:::

11, -m, –move-home

Move the content of the user´s home directory to the new location. This option is only valid in combination with the -d (or –home) option.

12, -o, –non-unique

When used with the -u option, this option allows to change the user ID to a non-unique value.

13, -p, –password PASSWORD

The encrypted password, as returned by crypt(3).
Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes. You should make sure the password respects the system´s password policy.

14, -s, –shell SHELL

The name of the user´s new login shell. Setting this field to blank causes the system to select the default login shell.
Example:

[[email protected] ~]# usermod -s /bin me
[[email protected] ~]# grep -w me /etc/passwd
me:x:502:0:I'm usermod:/home/meusermod:/bin

15, -u, –uid UID

The new numerical value of the user´s ID. This value must be unique, unless the -o option is used. The value must be non-negative. Values between 0 and 999 are typically reserved for system accounts.
The user´s mailbox, and any files which the user owns and which are located in the user´s home directory will have the file user ID changed automatically.
The ownership of files outside of the user´s home directory must be fixed manually.

[[email protected] ~]# usermod -u 100000 me
[[email protected] ~]# grep -w me /etc/passwd
me:x:100000:0:I'm usermod:/home/meusermod:/bin

16, -Z, –selinux-user SEUSER

The SELinux user for the user´s login. The default is to leave this field the blank, which causes the system to select the default SELinux user.

Thanks!! 🙂 🙂

Related Links:
groupdel, groupmems, groupmod, useradd

More:
ls, head, tail, top, ps, find, crontab

Arunlal Ashok

Linux Server Administrator. I'm managing Linux servers since 2012. I started this blog to share and discuss my ideas. Check My Profile!! in uPwork (oDesk) and let me know if you need any assistance. Thanks!!

You may also like...

1 Response

  1. February 7, 2014

    […] Related Links: Command to find out the current shell [USERMOD]How to change the shell for an already existing user – Unix/Linux The usermod […]

Leave a Reply

Your email address will not be published. Required fields are marked *