I'm a new Linux sys admin and I'm unable to find the command to list all users on my RHEL server. What is the command to list users under Linux operating systems?
/etc/passwd file contains one line for each user account, with seven fields delimited by colons. This is a text file. You can easily list users using the cat command as follows:
$ cat /etc/passwd
Sample outputs:
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh .... .. ...
OR use pages as follows to view /etc/passwd file:
$ more /etc/passwd
$ less /etc/passwd
Sample outputs:
Fig.01: List users using /etc/passwd
All fields are separated by a colon (:) symbol. Total seven fields exists. The first field is username. It is used when user logs in. It should be between 1 and 32 characters in length.
Task: Linux List Users Command
To list only usernames type the following awk command:
$ awk -F':' '{ print $1}' /etc/passwd
Sample outputs:
root daemon bin sys sync games man lp mail news .... .. ..hplip vivek bind haldaemon sshd mysql radvd
A Note About System and General Users
Each user has numerical user ID called UID. It is defined in /etc/passwd file. The UID for each user is automatically selected using /etc/login.defs file when you use useradd command. To see current value, enter:
$ grep "^UID_MIN" /etc/login.defs
$ grep UID_MIN /etc/login.defs
Sample outputs:
UID_MIN 1000 #SYS_UID_MIN 100
1000 is minimum values for automatic uid selection in useradd command. In other words all normal system users must have UID >= 1000 and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Type the following command to list all login users:
## get UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## use awk to print if UID >= $UID_LIMIT ## awk -F':' -v "limit=${l##UID_MIN}" '{ if ( $3 >= limit ) print $1}' /etc/passwd
To see maximum values for automatic uid selection in useradd command, enter:
awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd
$ grep "^UID_MAX" /etc/login.defs
Sample outputs:
UID_MAX 60000
In other words all normal system users must have UID >= 1000 (MIN) and UID <= 60000 (MAX) and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Here is an updated code:
## get mini UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## get max UID limit ## l1=$(grep "^UID_MAX" /etc/login.defs) ## use awk to print if UID >= $MIN and UID <= $MAX ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh jwww:x:504:504::/htdocs/html:/sbin/nologin wwwcorp:x:505:505::/htdocs/corp:/sbin/nologin wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
/sbin/nologin is used to politely refuse a login i.e. /sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or you do not want user to login into system using ssh. To filter /sbin/nologin, enter:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) "$_p"
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
Finally, this script lists both system and users accounts:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user and system accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## echo "----------[ Normal User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) print $0 }' "$_p" echo "" echo "----------[ System User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( !($3 >= min && $3 <= max && $7 != "/sbin/nologin")) print $0 }' "$_p"
Sample outputs:
----------[ Normal User Accounts ]--------------- vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh ----------[ System User Accounts ]--------------- root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash memcached:x:498:496:Memcached daemon:/var/run/memcached:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 6 comments… read them below or add one }
I would change it to `cat /etc/passwd | grep -v nologin` which gives a clearer view into which users can actually login and execute.
Thanks for the feedback! The faq has been updated with more info.
I would also have a look at:
last
lastb
lastlog
quite interesting commands on users activity on a host.
Claudio
Good call. Appreciate your comment.
ldap enviroment, whats about:
# getent passwd |egrep -v ‘nologin|false’
i recommend this to get a userlist
The ldap and nis scenarios for centralized login administration are omitted here.
The local passwd file may be just the tip of the login iceberg if either of those is set in
/etc/nsswitch.conf
For example:
# ypcat passwd
would be the common command if nis is set up.