usermod works like useradd, and shares many of the options: you can change their group, home directory or even their user name:
usermod –l new_name old_name
allows you to change a user’s login name.
-e changes the expiration date
-g changes their primary group
-G adds them to a secondary group
-d changes their home directory
Red Hat User Manager also lets you change any feature of a user account in the GUI.
Note all the password operations:
expiration,
change allowed,
change required,
warning before expiration,
days inactive before deactivation.
Also note the “locked” option.
There is one area usermod can’t configure: password expiration. For this you’ll use the chage command instead. This one is best seen through example:
chage -m 3 -M 30 -W 5 <username>
This results in:
a minimum ( -m ) interval after changing a password of 3 days,
a maximum ( -M ) interval of 30 days between password changes, and
a warning ( -W ) 5 days before password expiration.
Locking is inherently a temporary thing, so nothing is deleted when an account is locked. The commands:
usermod -L <username>
or
passwd -l <username>
lock the account by placing a ! character in front of the encrypted password in /etc/shadow. The commands:
usermod -U <username>
or
passwd -u <username>
then unlock the account by removing the bang ( ! ) character.
One other method of locking an account that you might run into is changing the user’s default shell, preventing them from accessing the system:
chsh -s /bin/fake <username>