15+ switches of usermod command with example – Unix/Linux

The Unix/Linux command “usermod” is a useful one to alter the already created user via command line. The command Useradd or adduser is for creating a user in Linux system/server from its command prompt. The basic syntax for creting a user is simply type the username after the command useradd. It will create a user with defined settings. In some situations we need to alter the parameters of a user, in this case we can use the command usermod. See the syntax explained below.

In Unix/Linux the user information are stared in the file /etc/passwd. The important user information are Username, UID(User ID), GID(Group ID), a comment, home directory location, shell details etc. With the command usermod, a lot of switches are available to change those parameters.

Example, you can change the comment of a user in the file /etc/passwd by using the switch “-c” similarly you can change the home directory by using the switch “d”. More details are listed below:

Simply the “usermod” command is used to modify a user account.

# usermod [options] USERNAME

See the default values to compare the usermod output

[root@localhost ~]# useradd me
[root@localhost ~]# grep -w me /etc/passwd

Switches with example:

1, -a, –append
Add the user to the supplementary group(s). Use only with the -G option.

2, -c, –comment COMMENT

The new value of the user´s password file comment field. It is normally modified using the chfn(1) utility.

[root@localhost ~]# usermod -c "I'm usermod" me
[root@localhost ~]# grep -w me /etc/passwd
me:x:502:502:I'm usermod:/home/me:/bin/bash

Comment field changed to “I’m usermod”

3, -d, –home HOME_DIR

The user´s new login directory.
If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist.

[root@localhost ~]# usermod -d /home/meusermod  me
[root@localhost ~]# grep -w me /etc/passwd
me:x:502:502:I'm usermod:/home/meusermod:/bin/bash

4, -e, –expiredate EXPIRE_DATE

The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.

5, -f, –inactive INACTIVE

The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.

6, -g, –gid GROUP

The group name or number of the user´s new initial login group. The group must exist.

[root@localhost ~]# usermod -g 0  me
[root@localhost ~]# grep -w me /etc/passwd
me:x:502:0:I'm usermod:/home/meusermod:/bin/bash

7, -G, –groups GROUP1[,GROUP2,…[,GROUPN]]]

A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.
If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.

[root@localhost ~]# usermod -G crybit  me
[root@localhost ~]# groupmems -g crybit -l

8, -l, –login NEW_LOGIN

The name of the user will be changed from LOGIN to NEW_LOGIN. Nothing else is changed. In particular, the user´s home directory name should probably be changed manually to reflect the new login name.

[root@localhost ~]# usermod -l namechange me
usermod: warning: /var/spool/mail/me not owned by me
[root@localhost ~]# grep -w me /etc/passwd
[root@localhost ~]# tail -n2 /etc/passwd
namechange:x:502:0:I'm usermod:/home/meusermod:/bin/bash

Login name changed to “namechange”

9, -L, –lock

Lock a user´s password. This puts a ´!´ in front of the encrypted password, effectively disabling the password. You can´t use this option with -p or -U.
Note: if you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1.

[root@localhost ~]# usermod -L me
[root@localhost ~]# grep -w me /etc/shadow

10, -U, –unlock
Unlock a user´s password. This removes the ´!´ in front of the encrypted password. You can´t use this option with -p or -L.
Note: if you wish to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from /etc/default/useradd).

[root@localhost ~]# usermod -U me
[root@localhost ~]# grep -w me /etc/shadow

11, -m, –move-home

Move the content of the user´s home directory to the new location. This option is only valid in combination with the -d (or –home) option.

12, -o, –non-unique

When used with the -u option, this option allows to change the user ID to a non-unique value.

13, -p, –password PASSWORD

The encrypted password, as returned by crypt(3).
Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes. You should make sure the password respects the system´s password policy.

14, -s, –shell SHELL

The name of the user´s new login shell. Setting this field to blank causes the system to select the default login shell.

[root@localhost ~]# usermod -s /bin me
[root@localhost ~]# grep -w me /etc/passwd
me:x:502:0:I'm usermod:/home/meusermod:/bin

15, -u, –uid UID

The new numerical value of the user´s ID. This value must be unique, unless the -o option is used. The value must be non-negative. Values between 0 and 999 are typically reserved for system accounts.
The user´s mailbox, and any files which the user owns and which are located in the user´s home directory will have the file user ID changed automatically.
The ownership of files outside of the user´s home directory must be fixed manually.

[root@localhost ~]# usermod -u 100000 me
[root@localhost ~]# grep -w me /etc/passwd
me:x:100000:0:I'm usermod:/home/meusermod:/bin

16, -Z, –selinux-user SEUSER

The SELinux user for the user´s login. The default is to leave this field the blank, which causes the system to select the default SELinux user.

Thanks!! 🙂 🙂

Related Links:
groupdel, groupmems, groupmod, useradd

ls, head, tail, top, ps, find, crontab

Post navigation

Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I know her (Linux) since many years. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com

One thought on “15+ switches of usermod command with example – Unix/Linux

Leave a Reply

Your email address will not be published. Required fields are marked *