usermod is a utility for modifying the parameters of an existing user account. Unlike useradd (create) and userdel (delete), usermod works with already-created accounts and allows changing nearly any of their attributes without recreating them.
Root privileges are required. All changes are written directly to the system files /etc/passwd, /etc/shadow, and /etc/group.
Syntax
usermod [options] username
Rename a User
sudo usermod -l newusername oldusername
Changes only the login name. The home directory, UID, and file contents remain unchanged. To also rename the home folder, add -d with -m:
sudo usermod -l newusername -d /home/newusername -m oldusername
-m (move) physically moves the contents of the old home directory to the new one.
Change the Home Directory
Set a new path without moving files:
sudo usermod -d /new/home/dir username
Set a new path and move the files:
sudo usermod -d /new/home/dir -m username
Without -m, the new path is only recorded in /etc/passwd — it is not physically created or populated.
Add a User to a Group
Add to a supplementary group (without removing from current ones):
sudo usermod -aG groupname username
The -a (append) flag is required — without it the user is removed from all current groups and added only to the specified one.
Add to multiple groups at once:
sudo usermod -aG sudo,docker,www-data username
Check a user's current groups:
groups username
Or with more detail:
id username
Important: group changes take effect on the user's next login. New groups are not active in the current session. To apply without re-logging in:
newgrp groupname.
Change the Primary Group
sudo usermod -g newgroupname username
Lowercase -g changes the primary group; uppercase -G changes the list of supplementary groups.
Change the User's UID
sudo usermod -u 1500 username
Automatically updates file ownership in the home directory. Files outside the home directory need to be updated manually:
find / -user old_uid -exec chown -h username {} \;
Make sure the new UID is not already taken:
grep 1500 /etc/passwd
Change the Login Shell
sudo usermod -s /bin/bash username
List available shells:
cat /etc/shells
Common options:
sudo usermod -s /bin/zsh username # zsh
sudo usermod -s /bin/sh username # sh (minimal)
sudo usermod -s /usr/bin/fish username # fish
sudo usermod -s /sbin/nologin username # block shell login
/sbin/nologin is a convenient way to create a system user for a service that does not need interactive login.
Lock and Unlock a User Account
Lock (adds ! before the password hash in /etc/shadow):
sudo usermod -L username
Unlock:
sudo usermod -U username
Check status:
sudo passwd -S username
L in the output means locked, P means active password.
Set Account Expiration
Set an expiration date:
sudo usermod -e 2025-12-31 username
Remove the expiration:
sudo usermod -e "" username
Change the Comment (GECOS)
The GECOS field typically contains the user's full name:
sudo usermod -c "Ivan Ivanov" username
View the current comment:
grep username /etc/passwd
Verify Changes
After any modifications, confirm the /etc/passwd entry looks correct:
grep username /etc/passwd
Entry format:
username:x:1001:1001:Full Name:/home/username:/bin/bash
Fields in order: login, password (x = stored in shadow), UID, GID, GECOS, home directory, shell.
Quick Reference
| Task | Command |
|---|---|
| Rename a user | sudo usermod -l newname oldname |
| Rename + move home folder | sudo usermod -l newname -d /home/newname -m oldname |
| Change home directory | sudo usermod -d /new/path -m username |
| Add to a group | sudo usermod -aG groupname username |
| Add to multiple groups | sudo usermod -aG g1,g2,g3 username |
| Change primary group | sudo usermod -g groupname username |
| Change UID | sudo usermod -u 1500 username |
| Change shell | sudo usermod -s /bin/bash username |
| Lock a user | sudo usermod -L username |
| Unlock a user | sudo usermod -U username |
| Set expiration date | sudo usermod -e 2025-12-31 username |
| Change GECOS | sudo usermod -c "Full Name" username |