3 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
4 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
6 .\" Manual: System Management Commands
7 .\" Source: System Management Commands
10 .TH "USERMOD" "8" "02/16/2011" "System Management Commands" "System Management Commands"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 usermod \- modify a user account
33 .HP \w'\fBusermod\fR\ 'u
34 \fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
39 command modifies the system account files to reflect the changes that are specified on the command line\&.
42 The options which apply to the
46 \fB\-a\fR, \fB\-\-append\fR
48 Add the user to the supplementary group(s)\&. Use only with the
53 \fB\-c\fR, \fB\-\-comment\fR \fICOMMENT\fR
55 The new value of the user\*(Aqs password file comment field\&. It is normally modified using the
60 \fB\-d\fR, \fB\-\-home\fR \fIHOME_DIR\fR
62 The user\*(Aqs new login directory\&.
66 option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&.
69 \fB\-e\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR
71 The date on which the user account will be disabled\&. The date is specified in the format
75 \fB\-f\fR, \fB\-\-inactive\fR \fIINACTIVE\fR
77 The number of days after a password expires until the account is permanently disabled\&.
79 A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature\&.
82 \fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
84 The group name or number of the user\*(Aqs new initial login group\&. The group must exist\&.
87 \fB\-G\fR, \fB\-\-groups\fR \fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]]
89 A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
93 If the user is currently a member of a group which is not listed, the user will be removed from the group\&. This behaviour can be changed via the
95 option, which appends the user to the current supplementary group list\&.
98 \fB\-l\fR, \fB\-\-login\fR \fINEW_LOGIN\fR
100 The name of the user will be changed from
103 \fINEW_LOGIN\fR\&. Nothing else is changed\&. In particular, the user\*(Aqs home directory name should probably be changed manually to reflect the new login name\&.
106 \fB\-L\fR, \fB\-\-lock\fR
108 Lock a user\*(Aqs password\&. This puts a \*(Aq!\*(Aq in front of the encrypted password, effectively disabling the password\&. You can\*(Aqt use this option with
113 Note: if you wish to lock the account (not only access with a password), you should also set the
119 \fB\-m\fR, \fB\-\-move\-home\fR
121 Move the content of the user\*(Aqs home directory to the new location\&.
123 This option is only valid in combination with the
126 \fB\-\-home\fR) option\&.
129 \fB\-o\fR, \fB\-\-non\-unique\fR
133 option, this option allows to change the user ID to a non\-unique value\&.
136 \fB\-p\fR, \fB\-\-password\fR \fIPASSWORD\fR
138 The encrypted password, as returned by
143 This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
145 You should make sure the password respects the system\*(Aqs password policy\&.
148 \fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
150 The name of the user\*(Aqs new login shell\&. Setting this field to blank causes the system to select the default login shell\&.
153 \fB\-u\fR, \fB\-\-uid\fR \fIUID\fR
155 The new numerical value of the user\*(Aqs ID\&.
157 This value must be unique, unless the
159 option is used\&. The value must be non\-negative\&. Values between 0 and 999 are typically reserved for system accounts\&.
161 The user\*(Aqs mailbox, and any files which the user owns and which are located in the user\*(Aqs home directory will have the file user ID changed automatically\&.
163 The ownership of files outside of the user\*(Aqs home directory must be fixed manually\&.
166 \fB\-U\fR, \fB\-\-unlock\fR
168 Unlock a user\*(Aqs password\&. This removes the \*(Aq!\*(Aq in front of the encrypted password\&. You can\*(Aqt use this option with
173 Note: if you wish to unlock the account (not only access with a password), you should also set the
176 \fI99999\fR, or to the
179 /etc/default/useradd)\&.
182 \fB\-Z\fR, \fB\-\-selinux\-user\fR \fISEUSER\fR
184 The SELinux user for the user\*(Aqs login\&. The default is to leave this field the blank, which causes the system to select the default SELinux user\&.
188 You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
190 checks this on Linux, but only check if the user is logged in according to utmp on other architectures\&.
192 You must change the owner of any
198 You must make any changes involving NIS on the NIS server\&.
201 The following configuration variables in
203 change the behavior of this tool:
205 \fBMAIL_DIR\fR (string)
207 The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&.
210 \fBMAIL_FILE\fR (string)
212 Defines the location of the users mail spool files relatively to their home directory\&.
219 variables are used by
223 to create, move, or delete the user\*(Aqs mail spool\&.
226 \fBMAIL_CHECK_ENAB\fR
228 \fIyes\fR, they are also used to define the
230 environment variable\&.
232 \fBMAX_MEMBERS_PER_GROUP\fR (number)
234 Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
236 (with the same name, same password, and same GID)\&.
238 The default value is 0, meaning that there are no limits in the number of members in a group\&.
240 This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
242 If you need to enforce such limit, you can use 25\&.
244 Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
250 Group account information\&.
255 Secure group account information\&.
260 User account information\&.
265 Secure user account information\&.