Permissions
usermod
Modify an existing local user account.
useraccountgroupshelladmin
Additional Notes
usermod changes properties of an existing user account. It can change login name, home directory, shell, groups, UID, lock state, and expiration settings.
It is powerful because changing account identity or home paths can affect file ownership, login behavior, and services.
Syntax
usermod [options] username
Parameters
options: Flags that change howusermodbehaves.user: User account affected by the command.group: Group account affected by the command.file: File or directory whose ownership, mode, or access policy is being changed.
Common Options
-aG GROUPS: Append user to supplementary groups.-G GROUPS: Set supplementary groups exactly.-s SHELL: Change login shell.-d DIR: Change home directory path.-m: Move home contents to the new home directory with-d.-l NAME: Change login name.-u UID: Change numeric UID.-L: Lock the user's password.-U: Unlock the user's password.-e DATE: Set account expiration date.
Examples
sudo usermod -aG docker rani
Add rani to the docker group without removing existing groups.
sudo usermod -s /bin/bash deploy
Change login shell.
sudo usermod -d /srv/deploy -m deploy
Move a user's home directory.
sudo usermod -L guest
Lock a user's password.
groups rani
Check group membership.
Practical Notes
- Use
-aGwhen adding groups. Forgetting-awith-Gcan remove existing supplementary groups. - Users usually need a new login session for group changes to apply.
- Be careful changing UID on accounts that already own files.
- Locking a password may not disable every login method, such as SSH keys.