System administrators require essential commands to create, modify, and manage Linux users. One such powerful Linux command is the usermod command, which helps us modify user account settings and properties.
In this tutorial, we’ll discuss the usermod command and cover various examples to understand its function.
The usermod command (an acronym for user modification) in Linux enables administrators to modify user account attributes such as username, primary group, password, UID, GID, login shell, home directory, and more.
This command automatically updates the value of these user account attributes in the respective system files:
- /etc/passwd: information about the user accounts
- /etc/shadow: user account passwords and expiration information
- /etc/group: information about groups
- /etc/gshadow: information about secure group passwords and group security
- /etc/login.defs: configuration file with system login settings
After executing the usermod command, we can usually review the contents of these files to confirm the change.
As mentioned earlier, the usermod command changes user account information, so we need root permissions to execute it. Furthermore, it’s strongly advisable that the command be used carefully, as it can cause irreversible changes in some cases.
The syntax for the usermod command is fairly simple:
Here, we replace options with the flags and options offered by the usermod command to modify account attributes and the username with the username of the targeted user account.
Now, let’s explore some basic examples of the usermod command to understand how it manages user accounts.
Firstly, we can use the -c or –comment option of the usermod command to add some information about a particular user account. This option aids administrators in adding different comments for various user accounts. This can help store details such as user account privileges in free text form.
For instance, we can add a comment for a user account having the username baeldung_test using the -c option.
Before adding the comment, let’s check the user information of the baeldung_test user account present in the /etc/passwd file using the grep filter:
Next, let’s run the usermod command with the -c option to add a comment about the baeldung_test user account:
In case of successful command execution, we won’t receive any output.
After successful execution, let’s run the grep command again to confirm if the comment is added to the user information:
Thus, we can see that the user account information reflects the comment.
Sometimes, after creating a user account, administrators may need to modify the username due to scenarios like typographical errors. In such cases, we can use the -l or –login option to change the username of a user account.
Let’s change the username from baeldung_test to modified_username via the usermod command:
After modifying the username, we can verify the changes using the id command:
In the above output, we can notice that our username has been successfully changed to modified_username.
We can also employ the usermod command to change the UID (Unique Identifier) and GID (Group Identifier) values for a user account.
To modify UID, we use the -u or –uid option:
To change the value of the primary group GID, we can utilize the -g option:
After modifying the UID and GID, we run the id command to confirm the changes:
Notably, the UID has been changed to 1002 and the GID to 1000 successfully.
Moreover, we can leverage the -p option of the usermod command to create or change a user account’s password. However, we should keep in mind that this way of changing the password shows and leaves it in cleartext, so we should be careful about security concerns.
So, let’s change the password of the baeldung_test user using the usermod command:
Afterward, let’s run the grep command to check if the password has been changed:
Here, we can see the password in plain text, indicating it’s unencrypted.
Furthermore, the usermod command enables system administrators to lock and unlock a user account. When an account is locked, we can’t log into the account using its password. This way, we restrict an account for a given time or permanently without deleting it.
To lock the baeldung_test account, we can run the usermod command with the -L option:
After executing the above command, we notice an exclamation mark (!) before the password in the /etc/shadow file, which indicates the locked status:
Next, we use the -U flag of the usermod command to unlock the account:
Now, the baeldung_test user should be able to log into the account.
The usermod command even enables us to change the home directory for a user account using the –home or -d option.
For instance, if we want to change the location of the home directory from /home/baeldung_test to /home/new_home_dir, we can run this usermod command:
Now, let’s use the grep command to verify the home directory change in the /etc/passwd file:
Evidently, the home directory of baeldung_test is now /home/new_home_dir.
Next, we discuss some advanced examples of the usermod command in Linux.
The usermod command not only enables us to change the home directory but can also move the contents of the old home directory to the new home directory by combining the -m and -d options.
To illustrate, let’s change the home directory to /home/change_content_dir and relocate its data to this new home directory:
This command changes the home directory and moves the current home contents to that directory.
In addition to other user account attributes, we can change the login shell for an account using the -s or –shell option:
After logging in, we can verify the current shell using the echo command and the $SHELL special variable:
Thus, we observe that we’ve successfully changed the shell from Bash to Zsh.
We can change the primary group of a user by using the -g option:
Additionally, we can add a secondary group to a user account via the -aG option:
Now, let’s verify the change of the primary and secondary groups via the id command:
In the output, we can observe that the user baeldung_test now has two secondary groups and one primary group named sambashare.
The usermod command enables users to set an expiration date for a user account via the -e option. In particular, we do so by providing a date in the yyyy-mm-dd format.
Let’s change the expiry date of the baeldung_test account:
Afterward, let’s verify the changes using the chage command:
Thus, the baeldung_test account should now expire on the specified date.
Lastly, we can combine multiple options of the usermod command to perform the desired modifications for a user account.
To demonstrate, let’s execute the usermod command with the -e, -s, and -c options to modify the expiration date, login shell, and comment of the beldung_test user account:
Thus, we’ve used a single usermod command to modify multiple user account attributes.
In this article, we went over the usermod command and many of its applications. In summary, usermod is a powerful utility that enables system administrators to modify the attributes of a user account. However, we must use this command carefully, as it makes some irreversible changes.
版权声明:
本文来源网络,所有图片文章版权属于原作者,如有侵权,联系删除。
本文网址:https://www.mushiming.com/mjsbk/1789.html