summaryrefslogtreecommitdiffstats
path: root/man/usermod.8.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--man/usermod.8.xml635
1 files changed, 635 insertions, 0 deletions
diff --git a/man/usermod.8.xml b/man/usermod.8.xml
new file mode 100644
index 0000000..a1d0efd
--- /dev/null
+++ b/man/usermod.8.xml
@@ -0,0 +1,635 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 1991 - 1994, Julianne Frances Haugh
+ Copyright (c) 2007 - 2011, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+<!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+<!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml">
+<!-- SHADOW-CONFIG-HERE -->
+]>
+<refentry id='usermod.8'>
+ <!-- $Id$ -->
+ <refentryinfo>
+ <author>
+ <firstname>Julianne Frances</firstname>
+ <surname>Haugh</surname>
+ <contrib>Creation, 1991</contrib>
+ </author>
+ <author>
+ <firstname>Thomas</firstname>
+ <surname>Kłoczko</surname>
+ <email>kloczek@pld.org.pl</email>
+ <contrib>shadow-utils maintainer, 2000 - 2007</contrib>
+ </author>
+ <author>
+ <firstname>Nicolas</firstname>
+ <surname>François</surname>
+ <email>nicolas.francois@centraliens.net</email>
+ <contrib>shadow-utils maintainer, 2007 - now</contrib>
+ </author>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>usermod</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>usermod</refname>
+ <refpurpose>modify a user account</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>usermod</command>
+ <arg choice='opt'>
+ <replaceable>options</replaceable>
+ </arg>
+ <arg choice='plain'><replaceable>LOGIN</replaceable></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <command>usermod</command> command modifies the system account
+ files to reflect the changes that are specified on the command line.
+ </para>
+ </refsect1>
+
+ <refsect1 id='options'>
+ <title>OPTIONS</title>
+ <para>
+ The options which apply to the <command>usermod</command> command
+ are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>-a</option>, <option>--append</option>
+ </term>
+ <listitem>
+ <para>
+ Add the user to the supplementary group(s). Use only with the
+ <option>-G</option> option.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-b</option>, <option>--badnames</option>
+ </term>
+ <listitem>
+ <para>
+ Allow names that do not conform to standards.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-c</option>, <option>--comment</option>&nbsp;<replaceable>COMMENT</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The new value of the user's password file comment field. It is
+ normally modified using the <citerefentry>
+ <refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry> utility.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-d</option>, <option>--home</option>&nbsp;<replaceable>HOME_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The user's new login directory.
+ </para>
+ <para>
+ If the <option>-m</option>
+ option is given, the contents of the current home directory will
+ be moved to the new home directory, which is created if it does
+ not already exist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-e</option>, <option>--expiredate</option>&nbsp;<replaceable>EXPIRE_DATE</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The date on which the user account will be disabled. The date is
+ specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
+ </para>
+ <para>
+ An empty <replaceable>EXPIRE_DATE</replaceable> argument will
+ disable the expiration of the account.
+ </para>
+ <para>
+ This option requires a <filename>/etc/shadow</filename> file.
+ A <filename>/etc/shadow</filename> entry will be created if
+ there were none.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-f</option>, <option>--inactive</option>&nbsp;<replaceable>INACTIVE</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The number of days after a password expires until the account is
+ permanently disabled.
+ </para>
+ <para>
+ A value of 0 disables the account as soon
+ as the password has expired, and a value of -1 disables the
+ feature.
+ </para>
+ <para>
+ This option requires a <filename>/etc/shadow</filename> file.
+ A <filename>/etc/shadow</filename> entry will be created if
+ there were none.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GROUP</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The group name or number of the user's new initial login group.
+ The group must exist.
+ </para>
+ <para>
+ Any file from the user's home directory owned by the previous
+ primary group of the user will be owned by this new group.
+ </para>
+ <para>
+ The group ownership of files outside of the user's home directory
+ must be fixed manually.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-G</option>, <option>--groups</option>&nbsp;<replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
+ </term>
+ <listitem>
+ <para>
+ A list of supplementary groups which the user is also a member
+ of. Each group is separated from the next by a comma, with no
+ intervening whitespace. The groups are subject to the same
+ restrictions as the group given with the <option>-g</option>
+ option.
+ </para>
+ <para>
+ If the user is currently a member of a group which is
+ not listed, the user will be removed from the group. This
+ behaviour can be changed via the <option>-a</option> option, which
+ appends the user to the current supplementary group list.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-l</option>, <option>--login</option>&nbsp;<replaceable>NEW_LOGIN</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The name of the user will be changed from
+ <replaceable>LOGIN</replaceable> to
+ <replaceable>NEW_LOGIN</replaceable>. Nothing else is changed. In
+ particular, the user's home directory or mail spool should
+ probably be renamed manually to reflect the new login name.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-L</option>, <option>--lock</option>
+ </term>
+ <listitem>
+ <para>
+ Lock a user's password. This puts a '!' in front of the
+ encrypted password, effectively disabling the password. You
+ can't use this option with <option>-p</option> or
+ <option>-U</option>.
+ </para>
+ <para>
+ Note: if you wish to lock the account (not only access with a
+ password), you should also set the
+ <replaceable>EXPIRE_DATE</replaceable> to
+ <replaceable>1</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-m</option>, <option>--move-home</option>
+ </term>
+ <listitem>
+ <para>
+ Move the content of the user's home directory to the new
+ location.
+ </para>
+ <para>
+ This option is only valid in combination with the
+ <option>-d</option> (or <option>--home</option>) option.
+ </para>
+ <para>
+ <command>usermod</command> will try to adapt the ownership of the
+ files and to copy the modes, ACL and extended attributes, but
+ manual changes might be needed afterwards.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-o</option>, <option>--non-unique</option>
+ </term>
+ <listitem>
+ <para>
+ When used with the <option>-u</option> option, this option
+ allows to change the user ID to a non-unique value.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-p</option>, <option>--password</option>&nbsp;<replaceable>PASSWORD</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The encrypted password, as returned by <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ <para>
+ <emphasis role="bold">Note:</emphasis> This option is not
+ recommended because the password (or encrypted password) will
+ be visible by users listing the processes.
+ </para>
+ <para condition="pam">
+ The password will be written in the local
+ <filename>/etc/passwd</filename> or
+ <filename>/etc/shadow</filename> file. This might differ from the
+ password database configured in your PAM configuration.
+ </para>
+ <para>
+ You should make sure the password respects the system's
+ password policy.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-R</option>, <option>--root</option>&nbsp;<replaceable>CHROOT_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Apply changes in the <replaceable>CHROOT_DIR</replaceable>
+ directory and use the configuration files from the
+ <replaceable>CHROOT_DIR</replaceable> directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-P</option>, <option>--prefix</option>&nbsp;<replaceable>PREFIX_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Apply changes in the <replaceable>PREFIX_DIR</replaceable>
+ directory and use the configuration files from the
+ <replaceable>PREFIX_DIR</replaceable> directory.
+ This option does not chroot and is intended for preparing
+ a cross-compilation target.
+ Some limitations: NIS and LDAP users/groups are not verified.
+ PAM authentication is using the host files.
+ No SELINUX support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-s</option>, <option>--shell</option>&nbsp;<replaceable>SHELL</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The name of the user's new login shell. Setting this field to
+ blank causes the system to select the default login shell.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-u</option>, <option>--uid</option>&nbsp;<replaceable>UID</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The new numerical value of the user's ID.
+ </para>
+ <para>
+ This value must be unique,
+ unless the <option>-o</option> option is used. The value must be
+ non-negative.
+ </para>
+ <para>
+ The user's mailbox, and any files which the user owns and which are
+ located in the user's home
+ directory will have the file user ID changed automatically.
+ </para>
+ <para>
+ The ownership of files outside of the user's home directory
+ must be fixed manually.
+ </para>
+ <para>
+ No checks will be performed with regard to the
+ <option>UID_MIN</option>, <option>UID_MAX</option>,
+ <option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option>
+ from <filename>/etc/login.defs</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-U</option>, <option>--unlock</option>
+ </term>
+ <listitem>
+ <para>
+ Unlock a user's password. This removes the '!' in front of the
+ encrypted password. You can't use this option with
+ <option>-p</option> or <option>-L</option>.
+ </para>
+ <para>
+ Note: if you wish to unlock the account (not only access with a
+ password), you should also set the
+ <replaceable>EXPIRE_DATE</replaceable> (for example to
+ <replaceable>99999</replaceable>, or to the
+ <option>EXPIRE</option> value from
+ <filename>/etc/default/useradd</filename>).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="subids">
+ <term>
+ <option>-v</option>, <option>--add-subuids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Add a range of subordinate uids to the user's account.
+ </para>
+ <para>
+ This option may be specified multiple times to add multiple ranges to a users account.
+ </para>
+ <para>
+ No checks will be performed with regard to
+ <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</option>, or
+ <option>SUB_UID_COUNT</option> from /etc/login.defs.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="subids">
+ <term>
+ <option>-V</option>, <option>--del-subuids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Remove a range of subordinate uids from the user's account.
+ </para>
+ <para>
+ This option may be specified multiple times to remove multiple ranges to a users account.
+ When both <option>--del-subuids</option> and <option>--add-subuids</option> are specified,
+ the removal of all subordinate uid ranges happens before any subordinate uid range is added.
+ </para>
+ <para>
+ No checks will be performed with regard to
+ <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</option>, or
+ <option>SUB_UID_COUNT</option> from /etc/login.defs.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="subids">
+ <term>
+ <option>-w</option>, <option>--add-subgids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Add a range of subordinate gids to the user's account.
+ </para>
+ <para>
+ This option may be specified multiple times to add multiple ranges to a users account.
+ </para>
+ <para>
+ No checks will be performed with regard to
+ <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</option>, or
+ <option>SUB_GID_COUNT</option> from /etc/login.defs.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="subids">
+ <term>
+ <option>-W</option>, <option>--del-subgids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+ </term>
+ <listitem>
+ <para>
+ Remove a range of subordinate gids from the user's account.
+ </para>
+ <para>
+ This option may be specified multiple times to remove multiple ranges to a users account.
+ When both <option>--del-subgids</option> and <option>--add-subgids</option> are specified,
+ the removal of all subordinate gid ranges happens before any subordinate gid range is added.
+ </para>
+ <para>
+ No checks will be performed with regard to
+ <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</option>, or
+ <option>SUB_GID_COUNT</option> from /etc/login.defs.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-Z</option>, <option>--selinux-user</option>&nbsp;<replaceable>SEUSER</replaceable>
+ </term>
+ <listitem>
+ <para>
+ The new SELinux user for the user's login.
+ </para>
+ <para>
+ A blank <replaceable>SEUSER</replaceable> will remove the
+ SELinux user mapping for user <replaceable>LOGIN</replaceable>
+ (if any).
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+ You must make certain that the named user is
+ not executing any processes when this command is being executed if the
+ user's numerical user ID, the user's name, or the user's home
+ directory is being changed. <command>usermod</command> checks this
+ on Linux. On other platforms it only uses utmp to check if the user is logged in.
+ </para>
+ <para>
+ You must change the owner of any <command>crontab</command> files or
+ <command>at</command> jobs manually.
+ </para>
+ <para>
+ You must make any changes involving NIS on the NIS server.
+ </para>
+ </refsect1>
+
+ <refsect1 id='configuration'>
+ <title>CONFIGURATION</title>
+ <para>
+ The following configuration variables in
+ <filename>/etc/login.defs</filename> change the behavior of this
+ tool:
+ </para>
+ <variablelist>
+ &LASTLOG_UID_MAX;
+ &MAIL_DIR; <!-- documents also MAIL_FILE -->
+ &MAX_MEMBERS_PER_GROUP;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MAX and SUB_GID_MIN -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MAX and SUB_UID_MIN -->
+ &TCB_SYMLINKS;
+ &USE_TCB;
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='files'>
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/group</filename></term>
+ <listitem>
+ <para>Group account information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="gshadow">
+ <term><filename>/etc/gshadow</filename></term>
+ <listitem>
+ <para>Secure group account information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/login.defs</filename></term>
+ <listitem>
+ <para>Shadow password suite configuration.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/passwd</filename></term>
+ <listitem>
+ <para>User account information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/shadow</filename></term>
+ <listitem>
+ <para>Secure user account information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="subids">
+ <term><filename>/etc/subgid</filename></term>
+ <listitem>
+ <para>Per user subordinate group IDs.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="subids">
+ <term><filename>/etc/subuid</filename></term>
+ <listitem>
+ <para>Per user subordinate user IDs.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <phrase condition="subids">
+ <citerefentry>
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ </phrase>
+ <citerefentry>
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+</refentry>