Quick take: The usermod command changes existing user accounts. The most common use is adding a user to a group: sudo usermod -aG docker alice. The -aG combination is essential — it appends rather than replacing the user's groups.
Introduction
The usermod command modifies existing user accounts — their groups, home directory, shell, username, and account status. It is a daily administration tool, and getting one option right (-aG versus -G) prevents the most common and damaging mistake.
Syntax
The basic syntax of the usermod command is:
usermod [OPTIONS] USERNAMECommon Options and Parameters
The most useful options and parameters for the usermod command:
| Option | Description |
|---|---|
| -aG groups | Append the user to supplementary groups (always use -a with -G). |
| -G groups | Set supplementary groups (REPLACES existing membership). |
| -g group | Change the primary group. |
| -d DIR | Change the home directory (-m also moves its contents). |
| -s SHELL | Change the login shell. |
| -l NEW | Change the username. |
| -L / -U | Lock / unlock the account. |
| -e DATE | Set an account expiry date. |
Practical Examples
Real usermod commands you can run today:
# Add a user to the sudo group (append!)
sudo usermod -aG sudo alice
# Add to multiple groups at once
sudo usermod -aG docker,www-data alice
# Change a user's login shell
sudo usermod -s /bin/zsh alice
# Change and move the home directory
sudo usermod -d /home/newhome -m alice
# Lock an account
sudo usermod -L alice
# Verify group membership afterward
groups aliceTips and Best Practices
- Always use
-aG, never bare-G. Without-a, usermod replaces all supplementary groups, which can remove a user from sudo and lock them out. - Group changes take effect on the next login — have the user log out and back in, or check with
groups username. - Use
-d /path -mtogether to move the home directory contents when changing it.
Final Thoughts
usermod is how you adjust accounts after creation — group membership, shell, home, and status. The cardinal rule is -aG to append groups; a bare -G silently replaces them and can strip away sudo access. Pair it with groups to verify changes, and remember they apply at the next login.
FAQ: usermod Command in Linux
How do I add a user to a group in Linux?+
Use sudo usermod -aG groupname username. The -aG appends the user to the group without removing their existing groups. For example, sudo usermod -aG docker alice.
Why is -aG important instead of -G?+
With -G alone, usermod replaces all of the user's supplementary groups with just the ones listed, which can remove them from sudo and lock them out. -aG appends safely, preserving existing memberships.
How do I change a user's shell?+
Use sudo usermod -s /bin/zsh username, or the dedicated chsh command. The change takes effect at the user's next login.
Why don't group changes take effect immediately?+
Group membership is read at login, so a user must log out and back in (or start a new session) after usermod -aG. You can confirm with the groups command.
How do I lock a user account with usermod?+
Use sudo usermod -L username to lock it and -U to unlock. Locking disables password login; also disable SSH keys if the user has them for a full lockout.
Need help with Linux servers or infrastructure?
Work directly with Muhammad Irfan Aslam for Linux, Ubuntu, Docker, DevOps, cloud, CI/CD, or infrastructure support.
Hire Me for Support