How To Modify User Accounts in Linux Using usermod Command Linux administrators often receive requests to create users in Linux unless the organization uses LDAP and also to modify or change existing user’s attributes. As a Linux administrator, you should be well versed with creating users, removing users, and modifying users in Linux. This post explains to you how to modify user accounts in Linux using the usermod command. Prerequisites To be able to create a user account, you need to be logged in as a root user or a user with sudo privileges. User must already exist in the system. usermod command In Linux, you can change the existing user’s account attributes such as home directory, account expiration date, login shell, etc. with usermod command. Syntax: usermod [options] user_name Use the -d option to change the home directory of the existing user. For example, to change the home directory of the user weadmin to /opt/webadmin, use: usermod -d /opt/webadmin webadmin Verify that the user’s home directory is /opt/webadmin by checking /etc/passwd file. grep -i webadmin /etc/passwd Output: webadmin:x:1000:1000::/opt/webadmin:/bin/bash Change User Home Directory and Move Files When only -d is specified as an option for usermod command, it just changes the existing user’s home directory to /opt/webadmin, not the files or directories present in the old home directory. If you want to move the existing user’s files along, use the -d and -m option. usermod -d /opt/webadmin -m webadmin Verify that files have been moved to the new home directory. ls -al /opt/webadmin [root@server ~]# ls -al /opt/webadmin total 16 drwx------. 2 webadmin webadmin 83 Apr 22 12:54 . drwxr-xr-x. 3 root root 22 Apr 22 12:54 .. -rw-------. 1 webadmin webadmin 10 Apr 22 12:54 .bash_history -rw-r--r--. 1 webadmin webadmin 18 Apr 10 2018 .bash_logout -rw-r--r--. 1 webadmin webadmin 193 Apr 10 2018 .bash_profile -rw-r--r--. 1 webadmin webadmin 231 Apr 10 2018 .bashrc [root@server ~]# Change User Login Name This option is beneficial if you have created a user with misspelled names. Use the -l option to change the login name of the existing user. For example, to change the login name of the user weadmin to webmaster, use: usermod -l webmaster webadmin Verify with id command to see if the webadmin user is still present in your system. id webadmin You should get id: webadmin: no such user message. Check for webmaster account in the system. grep -i webmaster /etc/passwd Output: webmaster:x:1000:1000::/opt/webadmin:/bin/bash Change User’s UID Use the -u option to change user’s UID to a specific UID. To change the UID of webmaster with UID of 1999, you need to use. Recommended to choose the UID between 1000 to 60000. usermod -u 1999 webmaster Verify that the user’s UID is 1999 using the id command. id webmaster Output: uid=1999(webmaster) gid=1000(webadmin) groups=1000(webadmin) Change User’s Primary Group You can change the existing user primary group with -g option. You can either specify the group name or the GID with usermod command. usermod -g webusers webmaster The group name or GID must already exist. Verify that the user’s primary group is web using the id command. id webmaster Output: uid=1999(webmaster) gid=1001(webusers) groups=1001(webusers) Add existing User to Multiple Groups As you are aware, the user can only be part of one primary group and multiple secondary groups (optional). The -G option is to add a user to additional groups. Using -G option alone will remove all existing groups the user belongs. So, add -a option with -G to add to multiple secondary groups. A comma must separate group names. usermod -a -G group_name1,group_name2,group_name3 user_name Verify the groups the user belongs to using the id command. id user_name Output: uid=2000(user_name) gid=2000(user_name) groups=2000(user_name),1002(group_name1),1004(group_name2),1005(group_name3) Change User Account Expiry Date This is quite useful when you want to enable the user whose account has expired. The -e option allows setting the expiry date for the user. The date must be specified in YYYY-MM-DD format. Check the current expiration date of user webmaster with chage command chage -l webmaster Output: Last password change : Apr 22, 2019 Password expires : never Password inactive : never Account expires : Apr 30, 2019 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 The expiration date of the webmaster user is April 30th, 2019. To change the expiry date of webmaster to May 31st, 2019, you can use. usermod -e 2019-05-31 webmaster Verify the user’s expiration date using the chage command. chage -l webmaster Output: Last password change : Apr 22, 2019 Password expires : never Password inactive : never Account expires : May 31, 2019 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 Change User’s Login Shell Sometimes, due to the useradd command’s default behavior, the user you have created may not have correct login shell set. By default, when a useradd command issued without any options, the user will be created with /bin/bash (RHEL) or /bin/sh (Debian / Ubuntu) shell. The -s option change login shell for an existing user. To change the user webmaster login shell to /bin/bash, use. usermod -s /bin/bash webmaster Verify the user’s login shell by reading the /etc/passwd file. grep -i webmaster /etc/passwd Output: webmaster:x:1999:1001::/opt/webadmin:/bin/bash Lock User Account To lock any user account, you can use -L option. This option makes the user account unusable unless you unlock it. usermod -L webmaster Check the account status with the following command. You would see an exclamation (!) added before the encrypted password. grep -i webmaster /etc/shadow Output: webmaster:!$6$kb9ws2Wd$.9Ip0xMGTAeBlZXG7c1Hriaj60VdYkXPQn0o8W2PEkDfjBOEJIT3nm52mBR8B1VTYGXnfyvgt.fxiYy7Q8nOI0:18008:0:99999:7::18047: Unlock User Account The -U option is used to unlock a locked user. usermod -U webmaster Verify the account status post you unlock the user. You should not see any exclamation (!) before the encrypted password. grep -i webmaster /etc/shadow Output: webmaster:$6$kb9ws2Wd$.9Ip0xMGTAeBlZXG7c1Hriaj60VdYkXPQn0o8W2PEkDfjBOEJIT3nm52mBR8B1VTYGXnfyvgt.fxiYy7Q8nOI0:18008:0:99999:7::18047: Conclusion I hope you have learned how to use the usermod command in Linux to modify user attributes. The examples were shown with a single option. However, you can combine options to get the desired results. l