The /etc/passwd file contains one line for each Linux user account, with seven fields delimited by colons. This is a text file. You can easily list users under Linux using the cat command or other commands such as grep command/egrep command and more. This page describes various Linux commands to list all users on the Linux operating system, including Ubuntu, Debian, RHEL, Arch, Fedora, CentOS, and other distros.
Tutorial requirements | |
---|---|
Operating system/app | Linux |
Root privileges required | No |
Difficulty | Easy (rss) |
Estimated completion time | 2m |
Linux list all users account using the /etc/passwd file
Type any one of the following command:
$ cat /etc/passwd
Sample outputs:
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh .... .. ... vnstat:x:131:137:vnstat daemon,,,:/var/lib/vnstat:/usr/sbin/nologin
Each line in the file has seven fields as follows. For example, consider the following line:
vnstat:x:131:137:vnstat daemon,,,:/var/lib/vnstat:/usr/sbin/nologin
Where,
- vnstat – The user name or login name.
- x – Encrypted password is stored in the /etc/shadow file.
- 131 – UID (user ID number)
- 137 – Primary GID (group ID number)
- vnstat daemon – GECOS. It may includes user’s full name (or application name, if the account is for a program), building and room number or contact person, office telephone number, home telephone number and any other contact information.
- /var/lib/vnstat – Home directory for the user.
- /usr/sbin/nologin – Login shell for the user. Pathnames of valid login shells comes from the /etc/shells file.
How to list users in Linux using pagers
Of course we can use pagers such as more/less commands as follows to view the /etc/passwd file:
$ more /etc/passwd
$ less /etc/passwd
Sample outputs:
Fig.01: List users using /etc/passwd
tail -5 /etc/passwd
head -5 /etc/passwd
Linux list user names only
To list only usernames type the following awk command:
$ awk -F':' '{ print $1}' /etc/passwd
Sample outputs:
root daemon bin sys sync games man lp mail news .... .. ..hplip vivek bind haldaemon sshd mysql radvd
Another option is to use the cut command:
$ cut -d: -f1 /etc/passwd
Get a list of all users using the getent command
To get a list of all Linux users you can type the following getent command:
$ getent passwd
$ getent passwd | grep tom
## get a list all users ##
$ getent passwd | cut -d: -f1
## count all user accounts using the wc ##
$ getent passwd | wc -l
One can use the compgen command on Linux to list users and other resources too:
$ compgen -u
Find out whether a user account exists in the Linux server
We can use above commands to see whether a user exists in the Linux machine as follows using the grep command:
compgen -u | grep vivek getent passwd | grep -q sai && echo "User sai found" || echo "User sai not found" compgen -u | grep -q ram && echo "User ram found" || echo "User ram not found"
A simplified command would be:
getent passwd {username} getent passwd vivek
How to count user accounts in the Linux server
Want to get user accounts count on your system? Try the wc command as follows:
$ compgen -u | wc -l
$ getent passwd | wc -l
A Note About System and General Users
Each user has numerical user ID called UID. It is defined in /etc/passwd file. The UID for each user is automatically selected using /etc/login.defs file when you use useradd command. To see current value, enter:
$ grep "^UID_MIN" /etc/login.defs
$ grep UID_MIN /etc/login.defs
Sample outputs:
UID_MIN 1000 #SYS_UID_MIN 100
1000 is minimum values for automatic uid selection in useradd command. In other words all normal system users must have UID >= 1000 and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Type the following command to list all login users:
## get UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## use awk to print if UID >= $UID_LIMIT ## awk -F':' -v "limit=${l##UID_MIN}" '{ if ( $3 >= limit ) print $1}' /etc/passwd
To see maximum values for automatic uid selection in the useradd command, enter:
$ grep "^UID_MAX" /etc/login.defs
Sample outputs:
UID_MAX 60000
In other words, all normal system users must have UID >= 1000 (MIN) and UID /etc/shells file. Here is an updated code to get details:
## get mini UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## get max UID limit ## l1=$(grep "^UID_MAX" /etc/login.defs) ## use awk to print if UID >= $MIN and UID <= $MAX ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh jwww:x:504:504::/htdocs/html:/sbin/nologin wwwcorp:x:505:505::/htdocs/corp:/sbin/nologin wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
/sbin/nologin is used to politely refuse a login i.e. /sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or you do not want user to login into system using ssh. To filter /sbin/nologin, enter:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user accounts in the system. Tested on RHEL / Debian Linux to List All Users on Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) "$_p"
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
Finally, this script lists both system and users accounts:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user and system accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## echo "----------[ Normal User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) print $0 }' "$_p" echo "" echo "----------[ System User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( !($3 >= min && $3 <= max && $7 != "/sbin/nologin")) print $0 }' "$_p"
Sample outputs:
----------[ Normal User Accounts ]--------------- vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh ----------[ Linux List All Users (System User Accounts) ]--------------- root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash memcached:x:498:496:Memcached daemon:/var/run/memcached:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
Conclusion
You learned how to get a list of users in Linux machine. We can use the getent, cat, more, cut and other commands to fetch list of user accounts on a Linux system. See how to check list of users in Unix and man pages as follows:
man 5 passwd
man getent
man cut
man awk
help compgen
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 25 comments... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
I would change it to `cat /etc/passwd | grep -v nologin` which gives a clearer view into which users can actually login and execute.
Thanks for the feedback! The faq has been updated with more info.
This is one of the most common mistakes of unexperimented people on UNIX-like utilities. Instead of ‘cat $file | grep $pattern’ you should use ‘grep $pattern $file’ which is much clearer and allows for easier sudoing.
Nevertheless, I’ll take note of the ‘nologin’ advice. Thanks!
“Instead of cat $file | grep $pattern you should use grep $pattern $file ”
I’m one more mistaken user :)
I would also have a look at:
last
lastb
lastlog
quite interesting commands on users activity on a host.
Claudio
Good call. Appreciate your comment.
ldap enviroment, whats about:
# getent passwd |egrep -v ‘nologin|false’
i recommend this to get a userlist
The ldap and nis scenarios for centralized login administration are omitted here.
The local passwd file may be just the tip of the login iceberg if either of those is set in
/etc/nsswitch.conf
For example:
# ypcat passwd
would be the common command if nis is set up.
new version, with columns
and a group list script
humm looks like it got cut.
drop me an email and ill send both scripts
hi there,
great script, really helps me a lot, and it’s also very well documented! great work!
however, since i’m a newbie when it comes to shell scripting, how do I direct the output from stdout into a file?
I’ve found something like this:
2>&1 | tee -a users.txt
but somehow this doesn’t quite work :(
any help would be appreciated!
thanks!
Redirect the output to a file with the first command and then append the second command output:
…
can some body help me with the following question?
Find the number of users on your system whose user ids are greater than 8?
Thanks. Short and to the point.
Can even use this!
cat /etc/passwd | grep “/home/” | awk -F’:’ ‘{ print $1}’
Thanks for this!
how can see only system users in linux using command
Note that none of this accounts for systems using an external source for its users. If you are using ldap or (gasp!) Active Directory to source your users, then listing /etc/passwd will not yield the desired results, as you won’t see the bulk of your users.
The command we use, insted of “cat /etc/passwd”, is “getent passwd”, which returns the combined list of users from /etc/passwd (local users) and other sources. The getent command will give you a more realistic view of your users, on any system you encounter.
Could you show how I would use your command in the final script as posted by the original poster? I think that is the issue I’m having where it is only showing the users with Local Authentication, not AD Users (yes ack.. AD).
Thanks,
Bob
Excellent explanation and script of list users in linux! Congrats Mate!
Aaron
Thanks for detailed tutorial.
I configured the VNC as per given step. How to access the same GUI from host machine as we accessing from VNC client.
Regular user accounts:
cat /etc/passwd | grep ":[0-9][0-9][0-9][0-9]:"
System user accounts:
1) without “nologin”
cat /etc/passwd | egrep ":[0-9][0-9][0-9]:|:[0-9][0-9]:|:[0-9]:" | egrep - v 'nologin|false'
2) with “nologin”
cat /etc/passwd | egrep ":[0-9][0-9][0-9]:|:[0-9][0-9]:|:[0-9]:"
OR (if you like a separate, clean UIDs listing of one, two or three digits):
cat /etc/passwd | grep ":[0-9]:"
cat /etc/passwd | grep ":[0-9][0-9]:"
cat /etc/passwd | grep ":[0-9][0-9][0-9]:"
I actually improved this a little bit; here are some useful aliases which you can put in the ~/.bashrc file:
3824121660057b30e6eec_000006
Latest systemd concept : dynamic user !!!
Dynamic user are created at the service start and destroy at the stop. They exist only in systemd process and are enable by the “systemd” service in nsswitch.conf.
Fortunately “getent passwd” lists them. So “getent” is the privilegied command to list user.
To have only dynamic users : “getent -s systemd passwd“