usermod Command

Purpose

Changes user attributes.

Syntax

usermod [ -u uid ] [ -g pgroup ] [ -G group1,group2 ... ] [ -d dir [ -m ] ] [ -s shell ] [ -c comment ] [ -l new_name ] [ -e expire ] [ -r role1,role2 ... ] login

Description

Attention: Do not use the usermod command if you have a Network Information Service (NIS) database installed on your system.

The usermod command changes attributes for the user identified by the login parameter. The user name must already exist. To change an attribute, specify the flag and the new value. The following files contain local user attributes that are set by this command:
  • /etc/passwd
  • /etc/security/environ
  • /etc/security/limits
  • /etc/security/user
  • /etc/security/user.roles
  • /etc/security/audit/config
  • /etc/group
  • /etc/security/group

Avoid changing the ID for an account so that system security is not compromised. However, when the ID is changed using the usermod command, ID collision checking is also controlled by the dist_uniqid attribute in the usw stanza of the /etc/security/login.cfg file. The behavior of ID collision control is the same as that described for the mkuser command.

Flags

Item                  Description
-c comment            Supplies general information about the user specified by the login parameter. The comment parameter is a string with no embedded colon (:) characters and cannot end with the characters '#!'.
-d dir                Changes the home directory to the directory specified by the dir parameter.
-g pgroup             Identifies the primary group. The pgroup parameter must be a valid group name or ID.
-e expire             Identifies the expiration date of the account. The expire parameter is a 10-character string in the MMDDhhmmyy form, where MM is the month, DD is the day, hh is the hour, mm is the minute, and yy is the last 2 digits of the years 1939 through 2038. All characters are numeric. If the expire parameter is 0, the account does not expire. The default is 0. See the date command for more information.
-G group1,group2,...  Identifies the groups the user belongs to. The group1,group2,... parameter is a comma-separated list of group names.
-l new_name           Specifies the new name of the user.
-m                    Moves the contents of the user's current home directory to the new home directory. Only used with the -d flag.
-r role1,role2,...    Lists the administrative roles for this user. The role1,role2,... parameter is a list of role names, separated by commas.
-s shell              Defines the program run for the user at session initiation. The shell parameter is a full path name.
-u uid                Specifies the user ID. The uid parameter is a unique integer string. Avoid changing this attribute so that system security will not be compromised.
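
The -e value is easy to get wrong because the year comes last and has only two digits, and a mistyped value can leave an account active longer than intended. The following is an added example, not part of the AIX documentation: expire_to_iso is a hypothetical helper that checks an expire string against the MMDDhhmmyy rules above and prints the date it encodes. The calendar check (days per month, leap years) is an assumption of this helper and is not stated to be performed by usermod itself.

```sh
#!/bin/sh
# Added example: check a usermod -e value (MMDDhhmmyy) before using it.
# expire_to_iso is a hypothetical helper, not part of AIX.
expire_to_iso() (
    e=$1
    # 0 is the documented "account does not expire" value.
    if [ "$e" = 0 ]; then echo never; return 0; fi
    case $e in
        *[!0-9]*)   echo "rejected $e: non-numeric character" >&2; return 1 ;;
        ??????????) ;;
        *)          echo "rejected $e: need exactly 10 digits" >&2; return 1 ;;
    esac
    # Split into two-character fields using POSIX pattern trimming.
    MM=${e%????????}; r=${e#??}
    DD=${r%??????};   r=${r#??}
    hh=${r%????};     r=${r#??}
    mi=${r%??};       yy=${r#??}
    # Drop one leading zero so $(( )) does not read 08 or 09 as octal.
    m=${MM#0}; d=${DD#0}; h=${hh#0}; n=${mi#0}; y=${yy#0}
    # yy covers 1939 through 2038: 39-99 is 19yy, 00-38 is 20yy.
    if [ "$y" -ge 39 ]; then year=$((1900 + y)); else year=$((2000 + y)); fi
    # Days in the month (assumption: this helper enforces the calendar).
    case $m in
        4|6|9|11) dim=30 ;;
        2) if [ $((year % 4)) -eq 0 ] && { [ $((year % 100)) -ne 0 ] || [ $((year % 400)) -eq 0 ]; }
           then dim=29; else dim=28; fi ;;
        *) dim=31 ;;
    esac
    if [ "$m" -lt 1 ] || [ "$m" -gt 12 ] || [ "$d" -lt 1 ] || [ "$d" -gt "$dim" ] ||
       [ "$h" -gt 23 ] || [ "$n" -gt 59 ]; then
        echo "rejected $e: field out of range" >&2; return 1
    fi
    printf '%04d-%02d-%02d %02d:%02d\n' "$year" "$m" "$d" "$h" "$n"
)

# Constructed sample values; the third is written as yyMMDDhhmm by mistake.
for v in 0 1231235925 2512312359 0229120024 0229120023 0101000039; do
    printf '%-12s -> ' "$v"
    expire_to_iso "$v" 2>&1 || true
done
```

Run the helper on the intended value first and pass the string to usermod -e only if the printed date is the one you meant.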

Exit Status

Item  Description
0     The command completed successfully.
>0    An error occurred.

Examples

  1. To change the user davis to be a member of the system group, enter:
    usermod -g system davis

Restrictions

To ensure the integrity of user information, some restrictions apply when using the usermod command. Only the root user or users with UserAdmin authorization can use the usermod command to perform the following tasks:
  • Make a user an administrative user by setting the admin attribute to true.
  • Change any attributes of an administrative user.
  • Add a user to an administrative group.

An administrative group is a group with the admin attribute set to true. Members of the security group can change the attributes of non-administrative users and add users to non-administrative groups.

The usermod command manipulates local user data only. You cannot use it to change data in registry servers like NIS and DCE.

Location

/usr/sbin/usermod

Files

The usermod command has read and write permissions to the following files.

Item                        Description
/etc/passwd                 Contains the basic attributes of users.
/etc/security/user          Contains the extended attributes of users.
/etc/security/user.roles    Contains the administrative role attributes of users.
/etc/security/limits        Defines resource quotas and limits for each user.
/etc/security/environ       Contains the environment attributes of users.
/etc/security/audit/config  Contains audit configuration information.
/etc/security/lastlog       Contains the last login attributes of users.
/etc/group                  Contains the basic attributes of groups.
/etc/security/group         Contains the extended attributes of groups.