SSSD Manual pages

Table of Contents

sss_usermod — modify a user account


sss_usermod — modify a user account


sss_usermod [ options ] LOGIN


sss_usermod modifies the account specified by LOGIN to reflect the changes that are specified on the command line.


-c,--gecos COMMENT

Any text string describing the user. Often used as the field for the user's full name.

-h,--home HOME_DIR

The home directory of the user account.

-s,--shell SHELL

The user's login shell.

-a,--append-group GROUPS

Append this user to groups specified by the GROUPS parameter. The GROUPS parameter is a comma separated list of group names.

-r,--remove-group GROUPS

Remove this user from groups specified by the GROUPS parameter.


Lock the user account. The user won't be able to log in.


Unlock the user account.

-Z,--selinux-user SELINUX_USER

The SELinux user for the user's login.


Display help message and exit.


In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running.

The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd(8)) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups.


sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), pam_sss(8).