Linux Commands – usermod

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed the chage command in Linux, which is used to update user password expiry information.

https://cloudaffaire.com/linux-commands-chage/

In this blog post, we will discuss the usermod command in Linux. The usermod command modifies an existing user account: with it, you can change a user's attributes. You need root or sudo privileges to change user attributes.

Linux Commands – usermod:

You can use the usermod -l or --login NEW_LOGIN option to rename an existing user. The name of the user will be changed from LOGIN to NEW_LOGIN. The -l option changes only the user name and nothing else. If you want to change the user’s home directory or mail spool, you need to do it manually.

You can use the usermod -g or --gid GROUP option to change the primary group of a user. The new group must exist, and any file in the user’s home directory owned by the user’s previous primary group will be owned by the new group. The group ownership of files outside of the user’s home directory must be fixed manually. The group ownership of files inside the user’s home directory is also not changed if the home directory’s owner UID is different from the current or new user ID. This is a safety measure for special home directories such as /.

You can use the usermod -G or --groups GROUP1[,GROUP2,...[,GROUPN]]] option to modify the user’s secondary groups. Multiple secondary group names can be provided as a list separated by commas, with no intervening whitespace. If the user is currently a member of a group which is not listed, the user will be removed from that group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.

You can use the usermod -a or --append option together with the -G option to add the user to secondary groups by appending. By default, the -G option removes the user from any group whose name is not provided to -G. This behaviour can be changed via the -a option, which appends the user to the current secondary group list.
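The removal behaviour of -G without -a can be checked before the command is run. The following is an added example, not code from the original post: the helper names groups_dropped and current_supplementary and the sample group names are assumptions, and it reports which current supplementary groups a given -G list would remove.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for
# `usermod -G LIST USER` run without -a.

# groups_dropped CURRENT NEW
#   CURRENT  space-separated supplementary groups the user has now
#   NEW      comma-separated list intended for `usermod -G`
# Prints one group per line: every current group that NEW omits and that
# usermod -G (without -a) would therefore remove from the user.
groups_dropped() (
    set -f                              # no filename expansion while splitting
    for g in $1; do
        case ",$2," in
            *",$g,"*) ;;                # still listed: membership kept
            *) printf '%s\n' "$g" ;;    # omitted: membership removed
        esac
    done
)

# current_supplementary USER
# Live lookup: all groups from `id -nG` minus the primary group from `id -gn`,
# because -G only touches supplementary groups.
current_supplementary() {
    primary=$(id -gn "$1") || return 1
    id -nG "$1" | tr ' ' '\n' | grep -vxF -- "$primary" | tr '\n' ' '
}

# Constructed sample: the user is in wheel, docker and audit, and the admin
# intends to type `usermod -G docker,developers USER`.
groups_dropped "wheel docker audit" "docker,developers"
```

Any output means the command should be rerun as usermod -a -G, or the missing groups should be added to the list on purpose.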

You can use the usermod -d or --home HOME_DIR option to update the user’s home directory. If the -m option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist. If the current home directory does not exist, the new home directory will not be created.

You can use the usermod -m or --move-home option to move the content of the user’s home directory to the new location. If the current home directory does not exist, the new home directory will not be created. This option is only valid in combination with the -d (or --home) option. usermod will try to adapt the ownership of the files and to copy the modes, ACLs and extended attributes, but manual changes might be needed afterward.

You can use the usermod -p or --password PASSWORD option to set the user login credentials. The default is to disable the password.

Note: This option is not recommended because the password (or encrypted password) will be visible to users listing the processes. Instead, set the user password using the passwd command.

You can use the usermod -L or --lock option to lock a user’s password. This puts a ‘!’ in front of the encrypted password, effectively disabling the password. You can’t use this option with -p or -U.

Note: If you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1.

You can use the usermod -U or --unlock option to unlock a user’s password. This removes the ‘!’ in front of the encrypted password. You can’t use this option with -p or -L.

Note: If you wish to unlock the account (not only access with a password), you should also set the EXPIRE_DATE (for example to 99999, or to the EXPIRE value from /etc/default/useradd).
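The two notes above separate a locked password from a locked account. The following audit is an added example, not code from the original post: it reads shadow-format text and lists accounts whose password carries the ‘!’ prefix but whose account expiry is unset or still in the future. The function names, the sample entries and the treatment of an expiry value of 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input is shadow(5)-format text, one account per line:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Field 2 = "!" followed by a hash: password locked as by `usermod -L`.
# Field 8 = account expiry in days since 1970-01-01; empty = never expires.

# password_locked_only [TODAY_DAYS] < shadow-format input
# Prints accounts with a locked password whose account is not expired,
# i.e. where -L was used without also setting an expiry date.
password_locked_only() {
    today="${1:-$(( $(date +%s) / 86400 ))}"
    awk -F: -v today="$today" '
        # A bare "!", "!!" or "*" means no password hash exists at all, so
        # require at least one hash character after the "!" prefix.
        # An expiry of 0 is reported too: this example treats it as
        # not reliably expired (assumption).
        $2 ~ /^!+[^!*]/ && ($8 == "" || $8 + 0 == 0 || $8 + 0 > today + 0) {
            print $1
        }
    '
}

# Constructed sample entries (hashes are placeholders, not real values).
sample_shadow() {
    cat <<'EOF'
alice:$6$constructed$aaaa:19000:0:99999:7:::
bob:!$6$constructed$bbbb:19000:0:99999:7:::
carol:!$6$constructed$cccc:19000:0:99999:7::1:
dave:!$6$constructed$dddd:19000:0:99999:7::30000:
svc:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Day 20000 is used as "today" so the result does not depend on the clock.
sample_shadow | password_locked_only 20000
```

On a live system, run it as root with /etc/shadow on standard input and no argument, so that the current date is used.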

You can use the usermod -c or --comment COMMENT option to set the comment field of the user’s entry in the password file.

You can use the usermod -u or --uid UID option to modify the UID of a user. The new UID must be unique unless the -o option is used, and the value must be non-negative. The user’s mailbox and any files which the user owns and which are located in the user’s home directory will have their file user ID changed automatically. The ownership of files outside of the user’s home directory must be fixed manually. The user ownership of files inside the user’s home directory is also not changed if the home directory’s owner UID is different from the current or new user ID.

Note: No checks will be performed with regard to the UID_MIN, UID_MAX, SYS_UID_MIN, or SYS_UID_MAX from /etc/login.defs.

You can use the usermod -o or --non-unique option together with the -u option to set the UID to a non-unique value, which is not allowed by default.

You can use the usermod -e or --expiredate EXPIRE_DATE option to update a user account’s expiry date. EXPIRE_DATE is specified in the format YYYY-MM-DD. An empty EXPIRE_DATE argument will disable the expiration of the account.

Note: This option requires an /etc/shadow file. An /etc/shadow entry will be created if there is none.

You can use the usermod -f or --inactive INACTIVE option to specify the number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.

Note: This option requires an /etc/shadow file. An /etc/shadow entry will be created if there is none.

You can use the usermod -s or --shell SHELL option to change the user’s login shell. Setting this field to blank causes the system to select the default login shell.

You can use the userdel command to delete a user account and related files. The userdel command modifies the system account files, deleting all entries that refer to the user name LOGIN. The named user must exist. You need root or sudo privileges to delete a user account. The userdel command accepts two options, -f and -r.

The userdel -f or --force option forces the removal of the user account, even if the user is still logged in. It also forces userdel to remove the user’s home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user. If USERGROUPS_ENAB is defined to yes in /etc/login.defs and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user.

Note: This option is dangerous and may leave your system in an inconsistent state.

The userdel -r or --remove option removes the user’s home directory and the user’s mail spool. Files located in other file systems will have to be searched for and deleted manually.

Note: The mail spool is defined by the MAIL_DIR variable in the login.defs file.

Hope you have enjoyed this article. In the next blog post, we will discuss chmod command in Linux.
