1. 概述
System administrators require essential commands to create, modify, and manage Linux users. One such powerful Linux command is the usermod command, which helps us modify user account settings and properties.
In this tutorial, we’ll discuss the usermod command and cover various examples to understand its function.
2. usermod 命令介绍
The usermod command (an acronym for user modification) in Linux enables administrators to modify user account attributes such as username, primary group, password, UID, GID, login shell, home directory, and more.
This command automatically updates the value of these user account attributes in the respective system files:
- /etc/passwd: information about the user accounts
- /etc/shadow: user account passwords and expiration information
- /etc/group: information about groups
- /etc/gshadow: information about secure group passwords and group security
- /etc/login.defs: configuration file with system login settings
After executing the usermod command, we can usually review the contents of these files to confirm the change.
3. usermod 命令语法
As mentioned earlier, the usermod command changes user account information, so we need root permissions to execute it. Furthermore, it’s strongly advisable that the command be used carefully, as it can cause irreversible changes in some cases.
The syntax for the usermod command is fairly simple:
$ sudo usermod [options] username
Here, we replace options with the flags and options offered by the usermod command to modify account attributes and the username with the username of the targeted user account.
4. 基础功能
Now, let’s explore some basic examples of the usermod command to understand how it manages user accounts.
4.1. 为账号添加备注
Firstly, we can use the -c or –comment option of the usermod command to add some information about a particular user account. This option aids administrators in adding different comments for various user accounts. This can help store details such as user account privileges in free text form.
For instance, we can add a comment for a user account having the username baeldung_test using the -c option.
Before adding the comment, let’s check the user information of the baeldung_test user account present in the /etc/passwd file using the grep filter:
$ grep -i baeldung_test /etc/passwd
baeldung_test:x:1001:1001:baeldung_test,,,:/home/baeldung_test:/bin/bash
Next, let’s run the usermod command with the -c option to add a comment about the baeldung_test user account:
$ sudo usermod -c "User for testing tutorial commands" baeldung_test
In case of successful command execution, we won’t receive any output.
After successful execution, let’s run the grep command again to confirm if the comment is added to the user information:
$ grep -i baeldung_test /etc/passwd
baeldung_test:x:1001:1001:User for testing tutorial commands:/home/baeldung_test:/bin/bash
Thus, we can see that the user account information reflects the comment.
4.2. 修改username
Sometimes, after creating a user account, administrators may need to modify the username due to scenarios like typographical errors. In such cases, we can use the -l or –login option to change the username of a user account.
Let’s change the username from baeldung_test to modified_username via the usermod command:
$ sudo usermod -l modified_username baeldung_test
After modifying the username, we can verify the changes using the id command:
$ id modified_username baeldung_test
uid=1002(modified_username) gid=136(sambashare) groups=136(sambashare),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),135(lxd),1000(baeldung),1001(baeldung_test)
id: ‘baeldung_test’: no such user
In the above output, we can notice that our username has been successfully changed to modified_username.
4.3. 修改用账号UID和GID
We can also employ the usermod command to change the UID (Unique Identifier) and GID (Group Identifier) values for a user account.
To modify UID, we use the -u or –uid option:
$ sudo usermod -u 1002 baeldung_test
To change the value of the primary group GID, we can utilize the -g option:
$ sudo usermod -g 1000 baeldung_test
After modifying the UID and GID, we run the id command to confirm the changes:
$ id baeldung_test
uid=1002(baeldung_test) gid=1000(baeldung) groups=1000(baeldung) …
Notably, the UID has been changed to 1002 and the GID to 1000 successfully.
4.4. 修改账户密码
Moreover, we can leverage the -p option of the usermod command to create or change a user account’s password. However, we should keep in mind that this way of changing the password shows and leaves it in cleartext, so we should be careful about security concerns.
So, let’s change the password of the baeldung_test user using the usermod command:
$ sudo usermod -p 'hello12345' baeldung_test
Afterward, let’s run the grep command to check if the password has been changed:
$ sudo grep -i baeldung_test /etc/shadow
baeldung_test:hello12345:19832:0:99999:7:::
Here, we can see the password in plain text, indicating it’s unencrypted.
4.5. 账户锁定和解锁
Furthermore, the usermod command enables system administrators to lock and unlock a user account. When an account is locked, we can’t log into the account using its password. This way, we restrict an account for a given time or permanently without deleting it.
To lock the baeldung_test account, we can run the usermod command with the -L option:
$ sudo usermod -L baeldung_test
After executing the above command, we notice an exclamation mark (!) before the password in the /etc/shadow file, which indicates the locked status:
$ sudo grep -i baeldung_test /etc/shadow
baeldung_test:!hello12345:19832:0:99999:7:::
Next, we use the -U flag of the usermod command to unlock the account:
$ sudo usermod -U baeldung_test
Now, the baeldung_test user should be able to log into the account.
4.6. 修改用户home目录
The usermod command even enables us to change the home directory for a user account using the –home or -d option.
For instance, if we want to change the location of the home directory from /home/baeldung_test to /home/new_home_dir, we can run this usermod command:
$ sudo usermod -d /home/new_home_dir baeldung_test
Now, let’s use the grep command to verify the home directory change in the /etc/passwd file:
$ grep -i baeldung_test /etc/passwd
baeldung_test:x:1001:1001:User for testing tutorial commands:/home/new_home_dir:/bin/bash
Evidently, the home directory of baeldung_test is now /home/new_home_dir.
5. 高级功能
Next, we discuss some advanced examples of the usermod command in Linux.
5.1. 将home目录内容移动到某个位置
The usermod command not only enables us to change the home directory but can also move the contents of the old home directory to the new home directory by combining the -m and -d options.
To illustrate, let’s change the home directory to /home/change_content_dir and relocate its data to this new home directory:
$ sudo usermod -m -d /home/change_content_dir baeldung_test
This command changes the home directory and moves the current home contents to that directory.
5.2. 修改用户Shell
In addition to other user account attributes, we can change the login shell for an account using the -s or –shell option:
$ sudo usermod -s /bin/zsh baeldung_test
After logging in, we can verify the current shell using the echo command and the $SHELL special variable:
$ echo $SHELL
/bin/zsh
Thus, we observe that we’ve successfully changed the shell from Bash to Zsh.
5.3. Handle Primary and Secondary Groups
We can change the primary group of a user by using the -g option:
$ sudo usermod -g sambashare baeldung_test
Additionally, we can add a secondary group to a user account via the -aG option:
$ sudo usermod -aG baeldung baeldung_test
Now, let’s verify the change of the primary and secondary groups via the id command:
$ id baeldung_test
uid=1001(baeldung_test) gid=136(sambashare) groups=136(sambashare),...,1000(baeldung),1001(baeldung_test)
In the output, we can observe that the user baeldung_test now has two secondary groups and one primary group named sambashare.
5.4. 设置账号过期时间
The usermod command enables users to set an expiration date for a user account via the -e option. In particular, we do so by providing a date in the yyyy-mm-dd format.
Let’s change the expiry date of the baeldung_test account:
$ sudo usermod -e 2024-04-28 baeldung_test
Afterward, let’s verify the changes using the chage command:
$ chage -l baeldung_test
…
Account expires : Apr 28, 2024
…
Thus, the baeldung_test account should now expire on the specified date.
5.5. Modify User Account Using Multiple Options
Lastly, we can combine multiple options of the usermod command to perform the desired modifications for a user account.
To demonstrate, let’s execute the usermod command with the -e, -s, and -c options to modify the expiration date, login shell, and comment of the beldung_test user account:
$ sudo usermod -e 2024-08-08 -s /bin/bash -c "Account details modified successfully" baeldung_test
Thus, we’ve used a single usermod command to modify multiple user account attributes.
6. 总结
In this article, we went over the usermod command and many of its applications. In summary, usermod is a powerful utility that enables system administrators to modify the attributes of a user account. However, we must use this command carefully, as it makes some irreversible changes.