A Complete Guide to Usage of \'usermod\' command

As a system administrator, you frequently need to modify user accounts on your Linux system. The usermod command is a powerful Linux utility that enables you to modify user account information such as username, user ID (UID), group ID (GID), home directory, login shell, and more.

What is the Usermod Command?

The usermod command is a Linux system administration tool that modifies existing user account properties. It works by updating the /etc/passwd, /etc/shadow, and /etc/group files that store user account information on your Linux system. Unlike useradd which creates new users, usermod changes existing user accounts without deleting and recreating them.

Basic Syntax

The basic syntax of the usermod command is

usermod [options] username

Here, username is the name of the user account you want to modify, and options represent various flags that change specific user account properties.

Common Usermod Options

Changing Username

To change the username of an existing account, use the -l (or --login) option

sudo usermod -l newusername oldusername

Note: This changes only the login name. The home directory path remains unchanged unless you also use -d and -m options.

Changing User ID (UID)

To change the UID of a user account, use the -u (or --uid) option

sudo usermod -u 1001 username

Changing Primary Group (GID)

To change the primary group ID, use the -g (or --gid) option

sudo usermod -g newgroup username

Adding Supplementary Groups

To add a user to additional groups without removing existing group memberships, use -a with -G

sudo usermod -a -G group1,group2 username

Warning: Using -G without -a will replace all existing supplementary groups.

Changing Home Directory

To change the home directory path, use the -d option. Add -m to move existing files

sudo usermod -d /new/home/path -m username

Changing Login Shell

To change the default login shell, use the -s (or --shell) option

sudo usermod -s /bin/zsh username

Account Locking and Unlocking

To lock a user account (prevent login), use the -L option

sudo usermod -L username

To unlock the account, use the -U option

sudo usermod -U username

Useful Options Reference

Best Practices

Always Use Sudo

The usermod command requires root privileges. Always prefix commands with sudo or run as the root user to avoid permission errors.

Verify Changes

After making modifications, verify the changes using

id username
getent passwd username

Backup Critical Files

Before making significant changes, backup the /etc/passwd and /etc/shadow files

sudo cp /etc/passwd /etc/passwd.backup
sudo cp /etc/shadow /etc/shadow.backup

Check User Activity

Ensure the user is not currently logged in when making changes, especially when modifying UID or home directories. Use who or w commands to check active sessions.

Example Complete User Modification

Here's an example that demonstrates changing multiple properties at once

# Change username, UID, home directory, and shell
sudo usermod -l johnsmith -u 2001 -d /home/johnsmith -m -s /bin/bash olduser

# Add to multiple groups
sudo usermod -a -G sudo,developers,docker johnsmith

# Set account expiration
sudo usermod -e 2024-12-31 johnsmith

Conclusion

The usermod command is an essential tool for Linux system administrators to modify existing user accounts efficiently. By understanding its various options and following best practices like using sudo privileges and verifying changes, you can safely manage user accounts without disrupting system functionality.