sss_usermod (8) - Linux Manuals

sss_usermod: modify a user account


sss_usermod - modify a user account


sss_usermod [options] LOGIN



modifies the account specified by LOGIN to reflect the changes that are specified on the command line.


-c,--gecos COMMENT

Any text string describing the user. Often used as the field for the user's full name.

-h,--home HOME_DIR

The home directory of the user account.

-s,--shell SHELL

The user's login shell.

-a,--append-group GROUPS

Append this user to groups specified by the GROUPS parameter. The GROUPS parameter is a comma separated list of group names.

-r,--remove-group GROUPS

Remove this user from groups specified by the GROUPS parameter.


Lock the user account. The user won't be able to log in.


Unlock the user account.

-Z,--selinux-user SELINUX_USER

The SELinux user for the user's login.

--addattr ATTR_NAME_VAL

Add an attribute/value pair. The format is attrname=value.

--setattr ATTR_NAME_VAL

Set an attribute to a name/value pair. The format is attrname=value. For multi-valued attributes, the command replaces the values already present

--delattr ATTR_NAME_VAL

Delete an attribute/value pair. The format is attrname=value.


Display help message and exit.


In order to function correctly, a domain with "id_provider=local" must be created and the SSSD must be running.

The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd(8)) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups.


The SSSD upstream -