I‘m a new Linux sys admin and I’m unable to find the command to list all users on my RHEL server. What is the command to list users under Linux operating systems?
/etc/passwd file contains one line for each user account, with seven fields delimited by colons. This is a text file. You can easily list users using the cat command as follows:
$ cat /etc/passwd
Sample outputs:
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh .... .. ...
OR use pages as follows to view /etc/passwd file:
$ more /etc/passwd
$ less /etc/passwd
Sample outputs:
All fields are separated by a colon (:) symbol. Total seven fields exists. The first field is username. It is used when user logs in. It should be between 1 and 32 characters in length.
Task: Linux List Users Command
To list only usernames type the following awk command:
$ awk -F':' '{ print $1}' /etc/passwd
Sample outputs:
root daemon bin sys sync games man lp mail news .... .. ..hplip vivek bind haldaemon sshd mysql radvd
A Note About System and General Users
Each user has numerical user ID called UID. It is defined in /etc/passwd file. The UID for each user is automatically selected using /etc/login.defs file when you use useradd command. To see current value, enter:
$ grep "^UID_MIN" /etc/login.defs
$ grep UID_MIN /etc/login.defs
Sample outputs:
UID_MIN 1000 #SYS_UID_MIN 100
1000 is minimum values for automatic uid selection in useradd command. In other words all normal system users must have UID >= 1000 and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Type the following command to list all login users:
## get UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## use awk to print if UID >= $UID_LIMIT ## awk -F':' -v "limit=${l##UID_MIN}" '{ if ( $3 >= limit ) print $1}' /etc/passwd |
To see maximum values for automatic uid selection in useradd command, enter:
awk -F’:’ -v “min=${l##UID_MIN}” -v “max=${l1##UID_MAX}” ‘{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd
$ grep “^UID_MAX” /etc/login.defs
Sample outputs:
UID_MAX 60000
In other words all normal system users must have UID >= 1000 (MIN) and UID <= 60000 (MAX) and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Here is an updated code:
## get mini UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## get max UID limit ## l1=$(grep "^UID_MAX" /etc/login.defs) ## use awk to print if UID >= $MIN and UID <= $MAX ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd |
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh jwww:x:504:504::/htdocs/html:/sbin/nologin wwwcorp:x:505:505::/htdocs/corp:/sbin/nologin wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
/sbin/nologin is used to politely refuse a login i.e. /sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or you do not want user to login into system using ssh. To filter /sbin/nologin, enter:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) "$_p" |
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
Finally, this script lists both system and users accounts:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user and system accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## echo "----------[ Normal User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) print $0 }' "$_p" echo "" echo "----------[ System User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( !($3 >= min && $3 <= max && $7 != "/sbin/nologin")) print $0 }' "$_p" |
Sample outputs:
----------[ Normal User Accounts ]--------------- vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh ----------[ System User Accounts ]--------------- root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash memcached:x:498:496:Memcached daemon:/var/run/memcached:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
24 comment
I would change it to `cat /etc/passwd | grep -v nologin` which gives a clearer view into which users can actually login and execute.
Thanks for the feedback! The faq has been updated with more info.
This is one of the most common mistakes of unexperimented people on UNIX-like utilities. Instead of ‘cat $file | grep $pattern’ you should use ‘grep $pattern $file’ which is much clearer and allows for easier sudoing.
Nevertheless, I’ll take note of the ‘nologin’ advice. Thanks!
“Instead of ‘cat $file | grep $pattern’ you should use ‘grep $pattern $file’ ”
I’m one more mistaken user :)
I would also have a look at:
last
lastb
lastlog
quite interesting commands on users activity on a host.
Claudio
Good call. Appreciate your comment.
ldap enviroment, whats about:
# getent passwd |egrep -v ‘nologin|false’
i recommend this to get a userlist
The ldap and nis scenarios for centralized login administration are omitted here.
The local passwd file may be just the tip of the login iceberg if either of those is set in
/etc/nsswitch.conf
For example:
# ypcat passwd
would be the common command if nis is set up.
new version, with columns
#!/bin/bash
# Name: listusers.bash
# Purpose: List all normal user and system accounts in the system. Tested on RHEL / Debian Linux
# Author: Vivek Gite , under GPL v2.0+
# http://www.cyberciti.biz/faq/linux-list-users-command/
# ———————————————————————————–
_l=”/etc/login.defs”
_p=”/etc/passwd”
## get mini UID limit ##
l=$(grep “^UID_MIN” $_l)
## get max UID limit ##
l1=$(grep “^UID_MAX” $_l)
## use awk to print if UID >= $MIN and UID = min && $3 = min && $3 <= max && $7 != "/sbin/nologin" ) printf "%-15s %-5s %-5s %-25s %-10sn", $1, $3, $4, $6, $7 }' "$_p"
echo " "
## use awk to print if UID $MAX ##
echo “—————————-[ System User Accounts ]—————————”
printf “%-15s %-5s %-5s %-25s %-10sn” “Login” “UID” “GID” “Home” “Shell”
echo “——————————————————————————-”
#awk -F’:’ -v “min=${l##UID_MIN}” -v “max=${l1##UID_MAX}” ‘{ if ( !( $3 >= min && $3 = min && $3 <= max && $7 != "/sbin/nologin" ) ) printf "%-15s %-5s %-5s %-25s %-10sn", $1, $3, $4, $6, $7 }' "$_p"
and a group list script
humm looks like it got cut.
drop me an email and ill send both scripts
hi there,
great script, really helps me a lot, and it’s also very well documented! great work!
however, since i’m a newbie when it comes to shell scripting, how do I direct the output from stdout into a file?
I’ve found something like this:
2>&1 | tee -a users.txt
but somehow this doesn’t quite work :(
any help would be appreciated!
thanks!
Redirect the output to a file with the first command and then append the second command output:
…
## use awk to print if UID >= $MIN and UID /tmp/userlist
awk -F’:’ -v “min=${l##UID_MIN}” -v “max=${l1##UID_MAX}” ‘{ if ( $3 >= min && $3 > /tmp/userlist
echo “” >> /tmp/userlist
echo “———-[ System User Accounts ]—————” >> /tmp/userlist
awk -F’:’ -v “min=${l##UID_MIN}” -v “max=${l1##UID_MAX}” ‘{ if ( !($3 >= min && $3 > /tmp/userlist
can some body help me with the following question?
Find the number of users on your system whose user ids are greater than 8?
Thanks. Short and to the point.
Can even use this!
cat /etc/passwd | grep “/home/” | awk -F’:’ ‘{ print $1}’
Thanks for this!
how can see only system users in linux using command
Note that none of this accounts for systems using an external source for its users. If you are using ldap or (gasp!) Active Directory to source your users, then listing /etc/passwd will not yield the desired results, as you won’t see the bulk of your users.
The command we use, insted of “cat /etc/passwd”, is “getent passwd”, which returns the combined list of users from /etc/passwd (local users) and other sources. The getent command will give you a more realistic view of your users, on any system you encounter.
Could you show how I would use your command in the final script as posted by the original poster? I think that is the issue I’m having where it is only showing the users with Local Authentication, not AD Users (yes ack.. AD).
Thanks,
Bob
Excellent explanation and script of list users in linux! Congrats Mate!
Aaron
Thanks for detailed tutorial.
I configured the VNC as per given step. How to access the same GUI from host machine as we accessing from VNC client.
Regular user accounts:
cat /etc/passwd | grep ":[0-9][0-9][0-9][0-9]:"System user accounts:
1) without “nologin”
cat /etc/passwd | egrep ":[0-9][0-9][0-9]:|:[0-9][0-9]:|:[0-9]:" | egrep - v 'nologin|false'2) with “nologin”
cat /etc/passwd | egrep ":[0-9][0-9][0-9]:|:[0-9][0-9]:|:[0-9]:"OR (if you like a separate, clean UIDs listing of one, two or three digits):
cat /etc/passwd | grep ":[0-9]:"cat /etc/passwd | grep ":[0-9][0-9]:"
cat /etc/passwd | grep ":[0-9][0-9][0-9]:"
I actually improved this a little bit; here are some useful aliases which you can put in the ~/.bashrc file:
# ‘getus’ > Get REGULAR Users
# ‘getsysus’ > Get SYSTEM Users
# ‘getgr’ > Get USER Groups
# ‘getsysgr’ > Get SYSTEM Groups
# ‘getwheel’ > Get WHEEL’s Users
alias getus=’getent passwd | egrep “:[0-9][0-9][0-9][0-9]:|[0-9][0-9][0-9][0-9][0-9]”‘
alias getsysus=’getent passwd | egrep -v “:[0-9][0-9][0-9][0-9]:|[0-9][0-9][0-9][0-9][0-9]”‘
alias getgr=’getent group | egrep “:[0-9][0-9][0-9][0-9]:|[0-9][0-9][0-9][0-9][0-9]”‘
alias getsysgr=’getent group | egrep -v “:[0-9][0-9][0-9][0-9]:|[0-9][0-9][0-9][0-9][0-9]”‘
alias getwheel=’getent group | grep ^wheel’
Also if you like to ‘egrep’ the ‘nologin’ out of ‘getsysus’ and ‘getsysgr’ above, here you go:
getsysus | egrep -v nologin
getsysgr | egrep -v nologin
Or, simply add them altogether on the above aliases like so:
alias getsysus=’getent passwd | egrep -v “:[0-9][0-9][0-9][0-9]:|[0-9][0-9][0-9][0-9][0-9]|nologin”‘
alias getsysgr=’getent group | egrep -v “:[0-9][0-9][0-9][0-9]:|[0-9][0-9][0-9][0-9][0-9]|nologin”‘