usermod Command
Purpose
Changes user attributes.
Syntax
usermod [ -u uid ] [ -g pgroup ] [ -G group1,group2 ... ] [ -d dir [ -m ] ] [ -s shell ] [ -c comment ] [ -l new_name ] [ -e expire ] [ -r role1,role2 ... ] login
Description
- /etc/passwd
- /etc/security/environ
- /etc/security/limits
- /etc/security/user
- /etc/security/user.roles
- /etc/security/audit/config
- /etc/group
- /etc/security/group
Avoid changing the ID for an account so that system security is not compromised. However, when the ID is changed using the usermod command, ID collision checking is also controlled by the dist_uniqid attribute in the usw stanza of the /etc/security/login.cfg file. The behavior of ID collision control is the same as that described for the mkuser command.
Flags
| Item | Description |
|---|---|
| -c comment | Supplies general information about the user
specified by the login parameter. The comment parameter
is a string with no embedded colon (:) characters and cannot end with
the characters '#!'. |
| -d dir | Changes the home directory to the directory specified by the dir parameter. |
| -g pgroup | Identifies the primary group. The pgroup parameter must be a valid group name or ID. |
| -e expire | Identifies the expiration date of the account. The expire parameter is a 10-character string in the MMDDhhmmyy form, where MM is the month, DD is the day, hh is the hour, mm is the minute, and yy is the last 2 digits of the years 1939 through 2038. All characters are numeric. If the expire parameter is 0, the account does not expire. The default is 0. See the date command for more information. |
| -G group1,group2,... | Identifies the groups the user belongs to. The group1,group2,... parameter is a comma-separated list of group names. |
| -l new_name | Specifies the new name of the user. |
| -m | Moves the contents of the user's current home directory to the new home directory. Only used with the -d flag. |
| -r role1,role2,... | Lists the administrative roles for this user. The role1,role2,... parameter is a list of role names, separated by commas. |
| -s shell | Defines the program run for the user at session initiation. The shell parameter is a full path name. |
| -u uid | Specifies the user ID. The uid parameter is a unique integer string. Avoid changing this attribute so that system security will not be compromised. |
Exit Status
| Item | Description |
|---|---|
| 0 | The command completed successfully. |
| >0 | An error occurred. |
Examples
- To change the user
davisto be a member of thesystemgroup, enter the following command:usermod -G system davis
Restrictions
- Make a user an administrative user by setting the admin attribute to true.
- Change any attributes of an administrative user.
- Add a user to an administrative group
An administrative group is a group with the admin attribute set to True. Members of the security group can change the attributes of non-administrative users and add users to non-administrative groups.
The usermod command manipulates local user data only. You cannot use it to change data in registry servers like NIS and DCE.
Location
/usr/sbin/usermod
Files
The usermod command has read and write permissions to the following files.
| Item | Description |
|---|---|
| /etc/passwd | Contains the basic attributes of users. |
| /etc/security/user | Contains the extended attributes of users. |
| /etc/security/user.roles | Contains the administrative role attributes of users. |
| /etc/security/limits | Defines resource quotas and limits for each user. |
| /etc/security/environ | Contains the environment attributes of users. |
| /etc/security/audit/config | Contains audit configuration information. |
| /etc/security/lastlog | Contains the last login attributes of users. |
| /etc/group | Contains the basic attributes of groups. |
| /etc/security/group | Contains the extended attributes of groups. |