Linux Commands – usermod
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed the chage command in Linux, which is used to update user password expiry information.
https://cloudaffaire.com/linux-commands-chage/
In this blog post, we will discuss the usermod command in Linux. The usermod command modifies the attributes of an existing user. You need root or sudo privileges to change user attributes.
Linux Commands – usermod:
You can use the usermod -l or --login NEW_LOGIN option to rename an existing user. The name of the user will be changed from LOGIN to NEW_LOGIN. The -l option changes only the user name and nothing else; if you want to change the user's home directory or mail spool, you need to do it manually.
```bash
##############################
## Linux Commands | usermod ##
##############################

## Prerequisites: One Unix/Linux/POSIX-compliant operating system with bash shell

##--------
## usermod
##--------

## usermod [options] LOGIN

## usermod -l or --login NEW_LOGIN options
sudo useradd debjeet                 ## create a user

## User account information.
sudo grep "debjeet" /etc/passwd      ## debjeet:x:1001:1001::/home/debjeet:/bin/bash
groups debjeet                       ## user debjeet is part of group debjeet

sudo usermod -l myuser debjeet       ## rename debjeet to myuser

## User account information.
sudo grep "myuser" /etc/passwd       ## myuser:x:1001:1001::/home/debjeet:/bin/bash
groups myuser                        ## user myuser is part of group debjeet
```
You can use the usermod -g or --gid GROUP option to change the primary group of a user. The new group must exist, and any file in the user's home directory owned by the user's previous primary group will be owned by this new group. The group ownership of files outside the user's home directory must be fixed manually. The group ownership of files inside the home directory is also left unchanged if the home directory owner's UID is different from the current or new user ID. This is a safety measure for special home directories such as /.
```bash
## usermod -g or --gid GROUP options
sudo groupadd -g 1002 mygroup        ## create a new group named mygroup

sudo usermod -g 1002 myuser          ## modify myuser group from debjeet to mygroup

groups myuser                        ## user myuser is part of group mygroup

sudo groupdel debjeet                ## delete the debjeet group
```
You can use the usermod -G or --groups GROUP1[,GROUP2,...[,GROUPN]]] option to modify the user's secondary groups. Multiple secondary group names can be provided as a comma-separated list with no intervening whitespace. If the user is currently a member of a group that is not listed, the user will be removed from that group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.
```bash
## usermod -G or --groups GROUP1[,GROUP2,...[,GROUPN]]] options
sudo groupadd mygroup1               ## create new groups
sudo groupadd mygroup2

id -g -n myuser                      ## primary group: mygroup
id -G -n myuser                      ## secondary group: mygroup

sudo usermod -G mygroup1,mygroup2 myuser   ## add secondary groups

id -g -n myuser                      ## primary group: mygroup
id -G -n myuser                      ## secondary group: mygroup mygroup1 mygroup2
```
You can use the usermod -a or --append option together with -G to add the user to secondary groups by appending. By default, -G removes the user from any group whose name is not provided in the -G list. The -a option changes this behaviour and appends the user to the current secondary group list instead.
```bash
## usermod -a or --append options
sudo groupadd mygroup3               ## create a new group

sudo usermod -G mygroup3 myuser      ## add secondary groups

id -G -n myuser                      ## secondary group: mygroup mygroup3
                                     ## mygroup1 and mygroup2 removed

sudo usermod -a -G mygroup1,mygroup2 myuser   ## add secondary groups
                                     ## without -a option, mygroup3 would have been removed

id -G -n myuser                      ## secondary group: mygroup mygroup1 mygroup2 mygroup3
```
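A pre-flight check for the -G behaviour described above, as an added example that is not part of the original post: given a login and the comma-separated list you intend to pass to -G, it reports the supplementary groups the user would lose if -a is omitted. The function name groups_dropped and the sample group data (including the wheel group) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/group format: name:password:GID:member,member,...
SAMPLE_GROUP='mygroup:x:1002:
mygroup1:x:1003:myuser
mygroup2:x:1004:myuser,deploy
mygroup3:x:1005:deploy,myuser
wheel:x:10:myuser'

# groups_dropped LOGIN WANTED_LIST GROUP_TEXT
#   LOGIN        user about to be modified
#   WANTED_LIST  the comma-separated list you plan to give to "usermod -G"
#   GROUP_TEXT   contents of a group(5)-format file
# Prints every group that lists LOGIN as a member but is missing from
# WANTED_LIST, i.e. the memberships "usermod -G" (without -a) would remove.
groups_dropped() {
  printf '%s\n' "$3" | awk -F: -v user="$1" -v want="$2" '
    BEGIN {
      n = split(want, w, ",")
      for (i = 1; i <= n; i++) keep[w[i]] = 1
    }
    {
      m = split($4, members, ",")          # field 4 holds supplementary members
      for (i = 1; i <= m; i++)
        if (members[i] == user && !($1 in keep)) print $1
    }'
}

# Demo on the constructed data: planning "usermod -G mygroup1,mygroup2 myuser"
groups_dropped myuser "mygroup1,mygroup2" "$SAMPLE_GROUP"
```

On a live system, pass "$(cat /etc/group)" as the third argument; an empty result means the planned -G list removes nothing.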
You can use the usermod -d or --home HOME_DIR option to update the user's home directory. If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist. If the current home directory does not exist, the new home directory will not be created.
You can use the usermod -m or --move-home option to move the content of the user's home directory to the new location. This option is only valid in combination with the -d (or --home) option. usermod will try to adapt the ownership of the files and to copy the modes, ACLs and extended attributes, but manual changes might be needed afterward.
```bash
## usermod -m -d HOME_DIR or --move-home --home HOME_DIR options
sudo grep "myuser" /etc/passwd       ## myuser:x:1001:1002::/home/debjeet:/bin/bash
sudo usermod -m -d /home/myuser myuser   ## change home directory and move its contents
sudo grep "myuser" /etc/passwd       ## myuser:x:1001:1002::/home/myuser:/bin/bash

## usermod -d or --home HOME_DIR options
## without -m option, you have to manually create and set permission for new home dir
## sudo mkdir /home/myuser             ## create a new directory and set permission
## sudo chown myuser:mygroup /home/myuser
## sudo chmod go-rwx /home/myuser
## ls -l /home | grep myuser
##
## sudo usermod -d /home/myuser myuser ## change myuser home directory
##
## does not copy .bash* files
## sudo cp -r /home/debjeet/* /home/myuser/

sudo rm -rf /home/debjeet            ## remove the old home directory
```
You can use the usermod -p or --password PASSWORD option to set the user's password. PASSWORD must be the encrypted password, not plain text. The default is to disable the password.
Note: This option is not recommended because the password (or encrypted password) will be visible to users listing the processes. Instead, set the user password using the passwd command.
```bash
## usermod -p or --password PASSWORD options
sudo usermod --password "mypwd" myuser   ## update myuser password

sudo grep "myuser" /etc/shadow       ## returns myuser:mypwd:18410:0:99999:7:::

su - myuser                          ## try to login using myuser
                                     ## will not work as the password provided with
                                     ## --password needs to be encrypted, but we provided in plain
                                     ## text, you can use mkpasswd to get the encrypted version

sudo passwd myuser                   ## enter a password as per your system password policy
                                     ## generally defined in /etc/pam.d/

su - myuser                          ## try to login using myuser new password

pwd                                  ## home directory changed to /home/myuser

exit                                 ## exit myuser
```
You can use the usermod -L or --lock option to lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password. You can't use this option with -p or -U.
Note: If you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1.
```bash
## usermod -L or --lock options
sudo grep "myuser" /etc/shadow       ## myuser:encrypted_pwd:18411:0:99999:7:::

sudo usermod -L myuser               ## lock user password

sudo grep "myuser" /etc/shadow       ## myuser:!encrypted_pwd:18411:0:99999:7:::

su - myuser                          ## su: Authentication failure
```
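The two /etc/shadow states shown above, a plain-text value written by -p and a '!'-prefixed locked password, can be audited mechanically. This added example (not from the original post) classifies each shadow entry and flags locked passwords whose account expiry is not set, since a locked password alone does not block other authentication methods such as SSH keys. The function name audit_shadow and the sample entries are constructed; the hash strings are placeholders, not real hashes.

```shell
#!/bin/sh
# Constructed sample in shadow(5) format:
# login:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='alice:$6$saltsalt$placeholderhash:18411:0:99999:7:::
bob:!$6$saltsalt$placeholderhash:18411:0:99999:7:::
carol:!$6$saltsalt$placeholderhash:18411:0:99999:7::1:
myuser:mypwd:18410:0:99999:7:::
svc:*:18000:0:99999:7:::'

# audit_shadow SHADOW_TEXT TODAY
#   SHADOW_TEXT  contents of a shadow-format file
#   TODAY        current date as days since 1970-01-01 (same unit as field 8)
# Prints "login: status" for every entry.
audit_shadow() {
  printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
      pw = $2; expire = $8
      # Account is expired when field 8 is set and not in the future.
      expired = (expire != "" && expire + 0 <= today + 0)
      if (pw == "")
        status = "EMPTY_PASSWORD"
      else if (pw == "*" || pw == "!" || pw == "!!")
        status = "no_password_login"        # no usable hash at all
      else if (substr(pw, 1, 1) == "!")
        status = expired ? "locked_and_expired" : "LOCKED_NOT_EXPIRED"
      else if (substr(pw, 1, 1) != "$")
        status = "NOT_A_CRYPT_HASH"         # plain text from -p; legacy DES hashes also land here
      else
        status = "ok"
      print $1 ": " status
    }'
}

# Demo on the constructed data, using the real current day number.
audit_shadow "$SAMPLE_SHADOW" "$(( $(date +%s) / 86400 ))"
```

To audit a live system, pass "$(sudo cat /etc/shadow)" as the first argument. Entries reported as LOCKED_NOT_EXPIRED are the case the note above addresses by setting EXPIRE_DATE to 1.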
You can use the usermod -U or --unlock option to unlock a user's password. This removes the '!' in front of the encrypted password. You can't use this option with -p or -L.
Note: If you wish to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from /etc/default/useradd).
```bash
## usermod -U or --unlock options
sudo grep "myuser" /etc/shadow       ## myuser:!encrypted_pwd:18411:0:99999:7:::

sudo usermod -U myuser               ## unlock user password

sudo grep "myuser" /etc/shadow       ## myuser:encrypted_pwd:18411:0:99999:7:::

su - myuser                          ## successfully logged in as myuser

exit
```
You can use the usermod -c or --comment COMMENT option to set the comment field of the user's entry in the password file.
```bash
## usermod -c or --comment COMMENT options
sudo grep "myuser" /etc/passwd       ## myuser:x:1001:1002::/home/myuser:/bin/bash

sudo usermod -c "cloudaffaire" myuser   ## add a comment to /etc/passwd file against myuser

sudo grep "myuser" /etc/passwd       ## myuser:x:1001:1002:cloudaffaire:/home/myuser:/bin/bash
```
You can use the usermod -u or --uid UID option to modify the UID of a user. The new UID must be non-negative and must be unique, unless the -o option is used. The user's mailbox and any files that the user owns inside the user's home directory will have their file user ID changed automatically. The ownership of files outside the user's home directory must be fixed manually. The user ownership of files inside the home directory is also left unchanged if the home directory owner's UID is different from the current or new user ID.
Note: No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or SYS_UID_MAX from /etc/login.defs.
```bash
## usermod -u or --uid UID options
id -u myuser                         ## current myuser UID: 1001

sudo usermod -u 1002 myuser          ## change myuser UID

id -u myuser                         ## current myuser UID: 1002
```
You can use the usermod -o or --non-unique option together with -u to set the UID to a non-unique value, which is not allowed by default.
```bash
## usermod -o or --non-unique options
sudo useradd -u 1001 mynewuser       ## create user with UID 1001

sudo usermod -u 1001 myuser          ## usermod: UID '1001' already exists

sudo usermod -o -u 1001 myuser       ## changes UID

id -u myuser                         ## current myuser UID: 1001

sudo usermod -u 1002 myuser          ## change myuser UID to the previous value
```
You can use the usermod -e or --expiredate EXPIRE_DATE option to update a user account's expiry date. EXPIRE_DATE is specified in the format YYYY-MM-DD. An empty EXPIRE_DATE argument will disable the expiration of the account.
Note: This option requires an /etc/shadow file. An /etc/shadow entry will be created if there is none.
```bash
## usermod -e or --expiredate EXPIRE_DATE options
sudo chage -l myuser                 ## Account expires : never

sudo usermod -e 2020-12-20 myuser    ## update account expiry date

sudo chage -l myuser                 ## Account expires : Dec 20, 2020
```
You can use the usermod -f or --inactive INACTIVE option to specify the number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.
Note: This option requires an /etc/shadow file. An /etc/shadow entry will be created if there is none.
```bash
## usermod -f or --inactive INACTIVE options
sudo chage -l myuser                 ## get password expiry info
                                     ## Password expires : never
                                     ## Password inactive : never

sudo passwd -x 90 myuser             ## set password expiry date

sudo usermod -f 30 myuser            ## update inactive date

sudo chage -l myuser                 ## get password expiry info
                                     ## Password expires : Aug 27, 2020
                                     ## Password inactive : Sep 26, 2020
```
You can use the usermod -s or --shell SHELL option to set the user's new login shell. Setting this field to blank causes the system to select the default login shell.
```bash
## usermod -s or --shell SHELL options
sudo grep "myuser" /etc/passwd       ## myuser:x:1002:1002:cloudaffaire:/home/myuser:/bin/bash

sudo usermod -s /bin/sh myuser       ## change myuser login shell

sudo grep "myuser" /etc/passwd       ## myuser:x:1002:1002:cloudaffaire:/home/myuser:/bin/sh
```
You can use the userdel command to delete a user account and related files. The userdel command modifies the system account files, deleting all entries that refer to the user name LOGIN. The named user must exist. You need root or sudo privileges to delete a user account. The userdel command accepts two options, -f and -r.
The userdel -f or --force option forces the removal of the user account, even if the user is still logged in. It also forces userdel to remove the user's home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user. If USERGROUPS_ENAB is defined to yes in /etc/login.defs and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user.
Note: This option is dangerous and may leave your system in an inconsistent state.
The userdel -r or --remove option removes the user's home directory and the user's mail spool. Files located in other file systems will have to be searched for and deleted manually.
Note: The mail spool is defined by the MAIL_DIR variable in the login.defs file.
```bash
## -------
## userdel
## -------

## userdel [options] LOGIN
sudo userdel -rf mynewuser           ## delete mynewuser
sudo userdel -rf myuser              ## delete myuser

sudo groupdel mygroup                ## delete groups
sudo groupdel mygroup1
sudo groupdel mygroup2
sudo groupdel mygroup3
```
Hope you have enjoyed this article. In the next blog post, we will discuss chmod command in Linux.