Linux administrators often receive requests to create users in Linux unless the organization uses LDAP and also to modify or change existing user’s attributes. As a Linux administrator, you should be well versed with creating users, removing users, and modifying users in Linux.
This post explains to you how to modify user accounts in Linux using the usermod command.
Prerequisites
- To be able to create a user account, you need to be logged in as a root user or a user with sudo privileges.
- User must already exist in the system.
usermod command
In Linux, you can change the existing user’s account attributes such as home directory, account expiration date, login shell, etc. with usermod command.
Syntax:
usermod [options] user_name
Change User Home Directory
You will receive this type of request to change user’s home directory for functional id which is used for running applications.
Use the -d option to change the home directory of the existing user.
For example, to change the home directory of the user weadmin to /opt/webadmin, use:
usermod -d /opt/webadmin webadmin
Verify that the user’s home directory is /opt/webadmin by checking /etc/passwd file.
grep -i webadmin /etc/passwd
Output:
webadmin:x:1000:1000::/opt/webadmin:/bin/bash
Change User Home Directory and Move Files
When only -d is specified as an option for usermod command, it just changes the existing user’s home directory to /opt/webadmin, not the files or directories present in the old home directory.
If you want to move the existing user’s files along, use the -d <path_to_homedirectory> and -m option.
usermod -d /opt/webadmin -m webadmin
Verify that files have been moved to the new home directory.
ls -al /opt/webadmin
Output:
[root@server ~]# ls -al /opt/webadmin total 16 drwx------. 2 webadmin webadmin 83 Apr 22 12:54 . drwxr-xr-x. 3 root root 22 Apr 22 12:54 .. -rw-------. 1 webadmin webadmin 10 Apr 22 12:54 .bash_history -rw-r--r--. 1 webadmin webadmin 18 Apr 10 2018 .bash_logout -rw-r--r--. 1 webadmin webadmin 193 Apr 10 2018 .bash_profile -rw-r--r--. 1 webadmin webadmin 231 Apr 10 2018 .bashrc [root@server ~]#
Change User Login Name
This option is beneficial if you have created a user with misspelled names. Use the -l option to change the login name of the existing user.
For example, to change the login name of the user weadmin to webmaster, use:
usermod -l webmaster webadmin
Verify with id command to see if the webadmin user is still present in your system.
id webadmin
You should get id: webadmin: no such user message.
Check for webmaster account in the system.
grep -i webmaster /etc/passwd
Output:
webmaster:x:1000:1000::/opt/webadmin:/bin/bash
Change User’s UID
Use the -u option to change user’s UID to a specific UID. To change the UID of webmaster with UID of 1999, you need to use.
Recommended to choose the UID between 1000 to 60000.
usermod -u 1999 webmaster
Verify that the user’s UID is 1999 using the id command.
id webmaster
Output:
uid=1999(webmaster) gid=1000(webadmin) groups=1000(webadmin)
Change User’s Primary Group
You can change the existing user primary group with -g option.
You can either specify the group name or the GID with usermod command.
usermod -g webusers webmaster
The group name or GID must already exist.
Verify that the user’s primary group is web using the id command.
id webmaster
Output:
uid=1999(webmaster) gid=1001(webusers) groups=1001(webusers)
Add existing User to Multiple Groups
As you are aware, the user can only be part of one primary group and multiple secondary groups (optional). The -G option is to add a user to additional groups.
A comma must separate group names.
usermod -a -G group_name1,group_name2,group_name3 user_name
Verify the groups the user belongs to using the id command.
id user_name
Output:
uid=2000(user_name) gid=2000(user_name) groups=2000(user_name),1002(group_name1),1004(group_name2),1005(group_name3)
Change User Account Expiry Date
This is quite useful when you want to enable the user whose account has expired.
The -e option allows setting the expiry date for the user. The date must be specified in YYYY-MM-DD format.
Check the current expiration date of user webmaster with chage command
chage -l webmaster
Output:
Last password change : Apr 22, 2019
Password expires : never
Password inactive : never
Account expires : Apr 30, 2019
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
The expiration date of the webmaster user is April 30th, 2019. To change the expiry date of webmaster to May 31st, 2019, you can use.
usermod -e 2019-05-31 webmaster
Verify the user’s expiration date using the chage command.
chage -l webmaster
Output:
Last password change : Apr 22, 2019
Password expires : never
Password inactive : never
Account expires : May 31, 2019
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Change User’s Login Shell
Sometimes, due to the useradd command’s default behavior, the user you have created may not have correct login shell set.
By default, when a useradd command issued without any options, the user will be created with /bin/bash (RHEL) or /bin/sh (Debian / Ubuntu) shell.
The -s option change login shell for an existing user.
To change the user webmaster login shell to /bin/bash, use.
usermod -s /bin/bash webmaster
Verify the user’s login shell by reading the /etc/passwd file.
grep -i webmaster /etc/passwd
Output:
webmaster:x:1999:1001::/opt/webadmin:/bin/bash
Lock User Account
To lock any user account, you can use -L option. This option makes the user account unusable unless you unlock it.
usermod -L webmaster
Check the account status with the following command. You would see an exclamation (!) added before the encrypted password.
grep -i webmaster /etc/shadow
Output:
webmaster:!$6$kb9ws2Wd$.9Ip0xMGTAeBlZXG7c1Hriaj60VdYkXPQn0o8W2PEkDfjBOEJIT3nm52mBR8B1VTYGXnfyvgt.fxiYy7Q8nOI0:18008:0:99999:7::18047:
Unlock User Account
The -U option is used to unlock a locked user.
usermod -U webmaster
Verify the account status post you unlock the user. You should not see any exclamation (!) before the encrypted password.
grep -i webmaster /etc/shadow
Output:
webmaster:$6$kb9ws2Wd$.9Ip0xMGTAeBlZXG7c1Hriaj60VdYkXPQn0o8W2PEkDfjBOEJIT3nm52mBR8B1VTYGXnfyvgt.fxiYy7Q8nOI0:18008:0:99999:7::18047:
Conclusion
I hope you have learned how to use the usermod command in Linux to modify user attributes. The examples were shown with a single option. However, you can combine options to get the desired results.