Change users groups linux

An Overview of the usermod Command and How It’s Used

Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.

What is usermod?

Tool Used to Modify a User’s Linux Settings

The usermod command lets you change an existing Linux user’s settings. Most things that get set up when you create a user — from a login name and home directory to the shell environment — can be altered using usermod . In addition, usermod can add a user to supplementary Linux groups, lock and unlock a user’s account, and more. This guide covers how the usermod utility works, and how it relates to other Linux commands.

Comparison to useradd and chmod

The difference between useradd and usermod is that the former is used for creating new users and the latter is used for modifying existing users. While useradd can define a Linux user’s settings, it does so for new users, not existing users. See our Linux Users and Groups guide for more on the useradd command.

On the other hand, chmod , like usermod , modifies existing resources. But where usermod modifies settings for an existing user, chmod modifies the permissions on a given file or directory. For instance, while usermod allows you to change a user’s home directory, chmod lets you give a file in that directory executable permissions. Learn more about what chmod is and how to use it in our guide Modify File Permissions with chmod.

Using usermod to Add a User to a Group

How to Change a User’s Primary Group with usermod

You can use usermod to change a user’s primary group with the -g option. Here is an example:

sudo usermod -g example-group example-user 

Take a look at the results with the id command.

uid=1001(example-user) gid=1002(example-group) groups=1002(example-group)

How to Add a User to a Group with usermod

To assign a user to one or more supplementary groups, use the -aG option. This option can assign multiple groups at once, separating each with a comma (no space):

sudo usermod -aG groupA,groupB,groupC example-user 

The -a option is used to have these groups appended to the user’s list of supplementary groups. Without it (using only the -G option) the user gets removed from any supplementary groups that are not listed in the command.

Below is an example of what the user’s id information may look like after the command above is executed.

uid=1001(example-user) gid=1002(example-group) groups=1002(example-group),1003(groupA),1004(groupB),1005(groupC)

How do I Use usermod to Change a User’s Home Directory?

Use the -d option to change the user’s home directory.

sudo usermod -d /home/example-user-new-home example-user 

You can add the —move-home option to also have the contents of the user’s existing home directory moved to the new directory.

sudo usermod --home /home/example-user-new-home --move-home example-user 

You can verify the change by echoing the user’s home directory.

How to Change a User’s Login Name with usermod

usermod allows you to change a user’s login name with the -l option, for example:

sudo usermod -l new-example-user example-user 

Changing a user’s login name does not change the name of that user’s home directory. Reference the previous section if you want to change the user’s home directory to match its login name.

Running the sudo id example-user command should now output an error since the user’s login name has changed.

id: ‘example-user’: no such user

How to Lock and Unlock a User’s Account with usermod

You can lock and unlock user accounts with usermod . Locking an account allows you to prevent logins on it without completely removing the account.

Locking a User’s Account with usermod

To lock a user’s account, use the -L option.

sudo usermod -L example-user 

Locked users display with an exclamation point after their login names, right at the start of their encrypted passwords, in the /etc/shadow file. The example below displays what an entry for example-user may look like.

sudo cat /etc/shadow | grep example-user 

example-user:![encrypted_password]:[. ]

Unlocking a User’s Account with usermod

To unlock a user’s account, use the -U option.

sudo usermod -U example-user 

Now the entry for example-user in the /etc/shadow file should lose its exclamation point.

sudo cat /etc/shadow | grep example-user 

example-user:[encrypted_password]:[. ]

How to Set an Expiration Date for a User’s Account with usermod

To set an expiration date for a user’s account, use the example command. Ensure you replace example-user with your own user.

sudo usermod example-user -e 2021-07-30 

In the above example, the example-user user account automatically deactivates on July 30, 2021.

Last password change : Jun 30, 2021 Password expires : never Password inactive : never Account expires : Jul 30, 2021 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7

How to Change a User’s Shell with usermod

Use the -s option with usermod to define a user’s shell. This option takes a path to the shell’s binary. Leaving the options blank assigns the user the default shell for the system.

Here is an example that assigns the user the Bash shell.

sudo usermod -s /bin/bash example-user 

You can then verify the user’s default shell with the following command:

sudo getent passwd example-user 

How to Change a User’s UID or GID with usermod

Changing a User’s UID with usermod

You can change a user’s user ID (UID) number with the -u option. The UID needs to be a unique, non-negative number. Additionally, the number should not fall between 0 and 999, since that range tends to be reserved for system accounts.

sudo usermod -u 1234 example-user 

Verify the change with the id command:

uid=1234(example-user) gid=1002(example-group) groups=1002(example-group)

Changing a User’s GID with usermod

Changing a user’s group ID (GID) number takes the same usermod option as changing a user’s primary group, -g . Simply provide the group’s GID number instead of its name, as in:

sudo usermod -g 5678 example-user 

Remember that the group must already exist — with the intended GID — for this option to work.

Again, you can verify the change with the id command.

uid=1234(example-user) gid=5678(another-example-group) groups=5678(another-example-group)

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on Friday, July 23, 2021.

Источник

Safely change primary group of a user in Linux

When it comes to user permission even a system administrator sometimes gets confused. No matter what linux training or administration training courses one has had one mistake and sever management can become a hell. Same holds true even for a Linux user at home. One has to be extremely careful while changing the primary group of any existing user. If you do some research, you will find that several people accidentally locked themselves out of being able to sudo. In order to avoid these unnecessary headaches it is essential that you change primary group of a user in linux, correctly.

Record the Current State

Before you change primary group of a Linux user, make a note of the user’s current status. Let us consider a user by the username «mackey». You can find this users current group memberships like this:

$ groups $ mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin

The user mackey’s primary group is «mackey». This is user is also associated with a bunch of other groups: adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin.

Note that adm, cdrom, sudo, dip, plugdev, sambashare, and lpadmin are all default secondary groups assigned to a user in Ubuntu 12.04 Precise Pangolin.

Change Primary Group of User

The command to use is «usermod». Below is the syntax of the command:

usermod - Modify a user account Syntax: usermod [-c comment] [-d home_dir [-m]] [-e expire_date] [-f inactive_days] [-g initial_group] [-G group [. ]] [-l login_name] [-p passwd] [-s shell] [-u uid [-o]] [-L|-U] user Options: -d home directory -s starting program (shell) -p password -g (primary group assigned to the users) -G (Other groups the user belongs to)

If you search the internet you may find that you can change the primary group using the following command:

sudo usermod -g NewPrimaryGroup mackey

As expected the above command would change mackey’s primary group from «mackey» to «NewPrimaryGroup». However, all of this user’s secondary group memberships will be gone, including «admin». This means that the user will henceforth be not able to use the «sudo» command to gain root access. This user will not be able to do any changes to the system (eg. install/remove softwares).

This, however, does not happen in all distributions. For example, in Ubuntu 12.04 Precise Pangolin «sudo usermod -g NewPrimaryGroup user» command assigns the new primary group to the user keeping all existing secondary groups. Yet, I like to change primary group the safe way, which puts control in my hand.

The safe way to change primary group of a Linux user is using this following command:

sudo usermod -g NewPrimaryGroup -G mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin mackey

This command will first change the user mackey’s primary group from «mackey» to «NewPrimaryGroup». Then it will assign the user «mackey» to the following secondary groups «mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin». This way mackey’s primary group will be changed without affecting his other group memberships or losing his membership to his previous primary group «mackey».

Recommended Guides on Linux Commands:

How to Fix In Case of a Screw Up

If you change a user’s primary group with just the «-g» option and all of his/her secondary group memberships are gone, then you can fix this by couple of different ways.

Method 1: If you had setup a «root» password previously (not normal in Ubuntu) you can login as «root» and then run the following command:

sudo usermod -g NewPrimaryGroup -G mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin mackey

After running the above command, logout and login as the user (mackey in this case).

Method 2: If you did not setup a password for the user «root» then you cannot login as a root user. In this case, from grub menu boot into recovery and enter command line with root previleges. Then run the same command listed above:

sudo usermod -g NewPrimaryGroup -G mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin mackey

Reboot and the user «mackey» should now have all the secondary groups restored. The primary group will be «NewPrimaryGroup».

If you simply want to add an existing user to a secondary group, retaining all his/her primary and secondary group memberships, then use the following command:

usermod -a -G NewSecondaryGroup user

The «-a» option means append to existing memberships.

There you go, now you can change primary group of users safely. Hope this helps.

Источник