How-To

How to List Users in Linux

Linux featured

It’s important to know who has access to your Linux PC (and control over your files), but you can easily list users in Linux to find out. Here’s how.

The Linux operating system offers commands to create and delete users and check which ones are logged in. However, there’s no command to list users, logged in or not, on the system.

Still, there are a couple of ways to pull this off. If you want to learn how to list users in Linux, follow our steps below.

Why You Should Check Your Linux User List

There are a number of reasons you may want to list users in Linux. It’s a good practice in terms of finding and deleting unused accounts, for one. From a security standpoint, it’s also a good way to make sure you don’t have intruders creating user accounts.

This is an administrative task that you should probably do at least once a month. If you’re running a corporate Linux server, you may want to do it more often.

Users Listed in /etc/passwd

All of your Linux server’s user accounts have entries in the file /etc/passwd. Each line represents a user, and has seven fields separated by colons. The fields provide information on the user.

  • User name.
  • Encrypted password (x indicates the password is actually in /etc/shadow)
  • User ID number (UID).
  • User’s group ID number (GID).
  • Full name of the user, if listed.
  • User home directory.
  • Login shell

So, that brings us to one way to list all of the users on Linux. You can use the less command to see the entire file, one screen at a time.

less /etc/passwd

how to list users in linux using less

If you want to check whether a particular user exists in the Linux system, that’s a good use for the command grep:

less passwd | grep jeff

finding if a user exists on linux

If you don’t get any output, that user doesn’t exist on the Linux server.

Still, that’s a lot of information. You can trim it down to just the username, for example, using either the awk or cut commands:

awk -F: '{print $1}' /etc/passwd
cut -d: -f1 /etc/passwd

listing users with just usernames

That tends to be much easier to understand, but it still leaves you viewing all of the system-based user accounts mixed in with your human users.

How to Use getent to List Users

Another command, getent, is much more useful. It displays entries from any database configured in your server’s /etc/nsswitch.conf file. One of those is the passwd database. To use getent to display a list of all Linux users, it works like this:

getent passwd

The output looks exactly the same as using the less command, but lists any LDAP users on the Linux system. Once again, our awk and cut commands can help see only the first field, the usernames.

If you want to check whether a particular user exists in the Linux system, getent makes it easy:

getent passwd jeff

Again, no output from this command tells you that user doesn’t exist.

Another terrific use for getent is finding out how many user accounts exist on the server. This is done by piping getent’s output through the wc command, like this:

getent passwd | wc -l

getting a count of user accounts

As you can see, my Linux system has a total of 48 accounts. Pretty interesting, since I’m the only one who uses it, but that just shows how many system accounts are created in Linux.

Weeding Out System Users From Normal Users

In the eyes of Linux, there’s no difference between a system user and a human one. Anytime you install the OS, it creates a number of system users. Other system users get created for various packages, like web or mail service software.

So, how can you list just the regular, human users on the Linux system? The key here is understanding that when you create a regular user, its UID is assigned within a certain range of numbers.By checking the /etc/login.defs file, we can determine the range of UID values available for regular user accounts.

grep -E '^UID_MIN|^UID_MAX' /etc/login.defs

UID min and max values

Based on the output, I know that normal users should have a UID between 1000 and 60000. From this, I can construct a getent query that will only display normal users.

getent passwd {1000..60000}

getent output of normal users

Bear in mind, getent will appear to hang even after it displays its output. You can press Ctrl-C to end the process, or wait until it finishes. It usually takes less than 15 seconds to complete searching the passwd database.

A more generic version of this command takes into account different UID_MIN and UID_MAX values various servers might use.

eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)}

In that command, we’re taking advantage of Linux’s ability to do multiple things at once. The awk commands get the UID_MIN and UID_MAX values, then use them within the getent command.

Now, let’s say all we want are the usernames. Once again, we pipe our output through the cut command, like so:

eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)} | cut -d: -f1

 

eval getent output of users

This command may take 10 to 15 seconds to complete, so be patient.

Effectively Managing Your Linux Users

It’s important to keep track of what user accounts exist on your Linux system. When you know an employee has left, be prompt in deleting their user account. Periodically listing your Linux users will help make sure you catch any accounts that might have stuck around.

At the same time, be sure to keep on top of password security policies and encourage your users to change their passwords regularly.

Click to comment

Leave a Reply

Your email address will not be published.

 

To Top