There are quite a few changes you can make to user accounts on Linux systems: setting them up, deleting or disabling them, adding or removing users from secondary groups, changing usernames or UIDs, moving home directories, changing users\u2019 shells, altering account expiration timing, and so on.\nOne command that can make nearly all of these changes easier is usermod. The only real constraints are 1) that the accounts you intend to change must already exist on the system (this command won\u2019t set them up from scratch), and 2) that the affected users should probably not be logged in when you make these changes.\nThe basic syntax for the command is usermod [options] LOGIN but that options section has a lot more possibilities than you might anticipate. In addition, sudo permissions will be required for this command since superuser access is required to set up or change nearly all user account settings.\n\n\n\n\n\nWhile users can change their own passwords, select a different default shell and make changes to their environment settings (like their search paths), they cannot\u2014at least not without root privileges\u2014add themselves to groups, change their usernames, modify their descriptive information in the \/etc\/passwd file or make other changes to their account configuration. In fact, neither can they remove their accounts or lock their accounts without root access. Sysadmins have to make these changes for them.\nWith sudo access, on the other hand, you can make just about any changes to user accounts and with usermod, you can do it easily. Instead of editing files, you run commands that modify the files making the needed changes for you.\nLet\u2019s look at the long list of the options available with the usermod command and what they do.\nOptions\nThe usermod command has so many options that the command almost run out of letters to express them. Here are some quick explanations of the options that show the range of changes this command can make:\n\n-a used with -G\u00a0appends the user to the specified group\n-b allows names that don\u2019t comply with standards\n-c changes the comment field in the \/etc\/passwd file\n-d changes a user\u2019s home directory; with -m added, the contents of the old directory are moved into the new one\n-e changes the user\u2019s account expiration date (stored in the \/etc\/shadow file)\n-f sets the number of days after a password expires that an account is disabled (stored in the \/etc\/shadow file)\n-g changes the user\u2019s group, provided the group to be assigned already exists\n-G sets up the list of groups that the user will be a member of, removing other memberships unless -a is added\n-l changes a user\u2019s username\n-L locks an account\n-m moves the content of a user\u2019s home to another location\n-o when used with -u, allows a UID to have a value which is not unique\n-p changes a user\u2019s password (not recommended because it will show in ps output and the new password must be provided in encrypted form)\n-P applies changes to the prefix directory\n-R applies changes in the CHROOT_DIR directory\n-s changes the user\u2019s login shell\n-u changes the user\u2019s UID\n-U unlocks a user\u2019s password (removes the !)\n-v adds subordinate UIDs to a user account\n-V removes subordinate UIDs from a user account\n-w adds subordinate GIDs to a user account\n-W removes subordinate GIDs from a user account\n-Z adds an SELinux user for an account (requires an SELinux-enabled kernel)\n\nYou could obviously make many of these kinds of changes by editing the related files as root. For example, you could change a username by replacing it in the \/etc\/passwd and \/etc\/shadow files and then change all instances of it in the\u00a0\/etc\/group file. Still, a couple usermod commands could do the same thing and get the job done a lot quicker.\nHere are some example usermod commands to show you how it works.\nTo add the user \u201cdhart\u201d to the group \u201csecteam\u201d on the system, you could do this:\n$ sudo usermod -a -G secteam ghart\n\nThe group must already exist.\nTo change dhart\u2019s username to dbell, you could use the command shown below. Notice the order of the arguments; the last argument is the one being changed.\n$ sudo usermod -l dbell dhart ^ ^ | | new current\nNote that this\u00a0usermod command will update the \/etc\/passwd\u00a0and\u00a0\/etc\/shadow\u00a0files.\nTo change Dory\u2019s description in the \/etc\/passwd file, you can do this:\n$ sudo usermod -c \u201cDory Bell\u201d dbell\n$ grep dbell \/etc\/passwd\ndbell:x:1002:1002:Dory Bell:\/home\/dbell:\/bin\/bash\n\nNote that changing Dory\u2019s username will not automatically change her group even though these days most users\u2019 primary groups are the same as their usernames. To rename Dory\u2019s group, you could use a related groupmod command like this which changes the name of Dory\u2019s group from dhart to dbell:\n$ sudo groupmod -n dbell dhart ^ | | | +\u2014\u2014-+\nUsing a script\nAre scripts still useful? Yes, of course they are! Even with efficient commands, it\u2019s often challenging to remember which commands you need to use, never mind which order to put its arguments in.\nIn the script shown below, we want\u00a0to make all the changes detailed in the commands above after a staff member returns from vacation only to tell us that she just got married and, thus, has a new surname. The following script will make all the changes, accommodating\u00a0this person\u2019s preferences with little effort on our part and confirm that they changes were made.\n#!\/bin\/bash\n\necho -n \u201ccurrent username: \u201c\nread oldname\necho -n \u201cnew username: \u201c\nread newname\necho -n \u201cchange user description field? [y\/n] \u201c\nread ans\nif [ $ans =="y" ]; then\n echo -n \u201cEnter description> \u201c\n read desc\n sudo usermod -c \u201c$desc\u201d $oldname\nfi\n# change the user\u2019s username in \/etc\/passwd and \/etc\/shadow files\nsudo usermod -l $newname $oldname\n\n# move the user\u2019s home to match the new username\nsudo usermod -d \/home\/$newname -m $newname\n\n# change the user\u2019s group name\nsudo groupmod -n $newname $oldnam\n\n# verify the changes were made\necho \/etc\/passwd:\necho -n \u201c \u201c\ngrep $newname \/etc\/passwd\necho home directory:\necho -n \u201c \u201c\nls -ld \/home\/$newname\n\nHere\u2019s an example of the script in action:\n$ update_user\ncurrent username: dhart\nnew username: dbell\nchange user description field? [y\/n] y\nEnter description> Dory Bell\n\/etc\/passwd:\n dbell:x:1002:1002:Dory Bell:\/home\/dbell:\/bin\/bash\nhome directory:\n drwxr-xr-x 8 dbell dbell 4096 Oct 6 11:44 \/home\/dbell\n\nOnce you put the needed commands into a script, you won\u2019t have to work so hard at making sure your commands are correct, and you\u2019ll still get the benefit of making the needed changes quickly and thoroughly.\nWrap-Up\nDon\u2019t forget that usermod offers a long list of options for making changes to user account settings. Some of them might make your work a bit easier.