Collect baseline identity evidence for an existing user, apply a set of account changes efficiently with usermod, perform a separate login rename operation, then verify the final state through NSS and filesystem ownership checks.
User Satoshi has moved teams. You must update access and account settings with minimal disruption. Capture baseline evidence first, apply changes efficiently, rename the login, then verify the final state with proof.
Primary group developers, add docker and wheel, set shell to /bin/zsh, move home to /srv/satoshi, set account expiry to 2025-12-31, set UID to 1055, set comment to Satoshi Nakamoto, and rename login satoshi to satoshi-renamed.
id
captures uid, gid, groups before changes.
-g
sets primary;
-aG
appends supplementary groups without overwriting.
-d
sets new home;
-m
moves contents.
-u
changes UID and can affect file ownership outside the home directory.
-e
sets login expiration date.
-l
changes the username and is commonly done as a separate, explicit step.
getent passwd
proves NSS state;
ls -ld
validates directory ownership and permissions.
id satoshiStart with baseline evidence. If something breaks, this is what you compare against and what you paste into a ticket update. It captures uid, primary gid, and supplementary groups.
uid=1003(satoshi) gid=1003(satoshi) groups=1003(satoshi)Combining changes reduces steps, but you still validate outcomes and separate the login rename to keep operations explicit and easier to roll back.
sudo usermod -g developers -aG docker,wheel -s /bin/zsh -d /srv/satoshi -m -e 2025-12-31 -u 1055 -c "Satoshi Nakamoto" satoshi
This updates group membership, login shell, home directory
location and moves the home contents, sets the account expiry
date, changes the UID, and updates the comment field. The
-aG
is critical because it appends groups; omitting
-a
overwrites the supplementary group list.
sudo usermod -l satoshi-renamed satoshiThis changes the username. Separating it from the bulk modification makes it obvious when the identity shift happened and helps keep verification steps clean.
getent passwd satoshi-renamedThis is the authoritative user record view. Confirm UID, primary group mapping, comment, home, and shell. If your environment uses directory services, getent is still the right tool because it reflects NSS resolution.
satoshi-renamed:x:1055:2001:Satoshi Nakamoto:/srv/satoshi:/bin/zshls -ld /srv/satoshiThis confirms the directory exists and validates ownership and permissions. This is a practical check that the home move happened and the primary group aligns with the new team.
drwx------ 4 satoshi-renamed developers 4096 Feb 8 07:11 /srv/satoshiChanging UID, home, and login names is risky while a user has active sessions. Ensure the account is not logged in and processes are stopped before applying identity changes.
If you used
-G
without
-a
you replaced the supplementary group list. Use
-aG
to append additional groups safely.
Files outside the home directory may still be owned by the old UID. After a UID change, locate and correct ownership on impacted paths when required by your environment.
Ensure you included
-m
along with
-d
. Without
-m
, usermod updates the home path in metadata but does not
relocate files.
This lab is intentionally condensed and does not include a teardown step. If you are running in a disposable environment, your cleanup is reverting the identity changes or deleting the test account per your lab reset workflow.
getent passwd satoshi-renamed
ls -ld /srv/satoshiThe passwd entry shows the renamed login, the expected home, and the updated shell. The home directory exists with sane ownership and permissions.
id <user>
: Displays UID, primary group, and supplementary groups.
usermod -g <group> <user>
: Sets the primary group for a user.
-g
: Primary group.
usermod -aG <g1,g2> <user>
: Appends supplementary groups without overwriting existing groups.
-a
: Append to supplementary groups.
-G
: Supplementary groups (comma-separated).
usermod -s <shell> <user>
: Sets the login shell.
-s
: Login shell.
usermod -d <home> -m <user>
: Sets home directory path and moves the contents.
-d
: New home directory path.
-m
: Move the content to the new home directory.
usermod -e <YYYY-MM-DD> <user>
: Sets the account expiration date.
-e
: Account expires on specified date.
usermod -u <uid> <user>
: Changes the numeric UID for a user.
-u
: New UID.
usermod -c "<comment>" <user>
: Sets the account comment (GECOS).
-c
: Comment field.
usermod -l <new> <old>
: Renames the login username.
-l
: New login name.
getent passwd <user>
: Shows the NSS passwd entry for a user.
ls -ld <path>
: Shows directory permissions and ownership.
-l
: Long listing format.
-d
: List the directory entry itself, not its contents.