Tue. Mar 5th, 2024

Quick Links

Key Takeaways

  • You can list user accounts on Linux using commands like “cat /etc/passwd” or “getent passwd”.
  • Extraneous and unused accounts just add clutter to your system, and they may even present a security risk, depending on your situation.

Linux is a multiuser operating system, so creating numerous user accounts is easy. Over time, it’s easy to lose track of which accounts are required. Listing user accounts helps you manage them.

Usually, extra accounts just add clutter, but they can also open up security vulneraiblities.

Advances in technology often bring their own new problems. As soon as computers were able to support multiple users, the need to ring-fence and encapsulate each person’s work from everyone else became apparent. This led to the concept of user accounts. Each user has a named ID and a password. These are the credentials that let them log into their account. Their files are kept in an area that is private to each user.

On a busy system, it is easy to lose sight of which accounts you have created, and which are no longer needed. From a security point of view, it is bad practice to keep user accounts that you no longer need to be configured and accessible on your computer. You should remove those users.

Even if you don’t have other people using your computer you might have created some accounts just to learn how to do it, or to learn and practice administration processes.

The first step is to list the user accounts that are configured on your computer. That lets you review them and make a judgment call on which can be deleted. There are several methods to list users. No matter which distribution you’re using, these techniques should work for you without needing to install any applications or utilities.

List Users With the cat Command

A list of the configured users is maintained, along with information about each user, in the “/etc/passwd” file. This is a text file that regular users can list to the terminal window. You don’t need to use sudo to look into the “/etc/passwd” file.

We can use the cat command to send the contents of the “/etc/passwd” file to the terminal window. This will list the entire contents of the file. This means you’ll also see the entries for user accounts that are owned by processes and the system, not by people.

cat /etc/passwd

Sending the passwd file to the terminal window with cat

There’s a line of dense information reported for each user account.

The contents of the passwd file

The information for the user account called “dave” contains these pieces of information, with colons “:” between them.

  • dave: The name of the user account. Usually the name of the person who owns the account.
  • x: At one time, this held the password for the account. Nowadays, passwords are stored in the “/etc/shadow” file. The “x” means the password is in that file.
  • 1000: The user ID for this account. All user accounts have a unique numeric ID. Regular user accounts usually start at 1000, with each new account taking the next free ID, such as 1001, 1002, and so on.
  • 1000: The group ID of the default group the user belongs to. In normal circumstances, the default group has the same value as the user ID.
  • dave,,,: A collection of optional extra information about the user. This field contains data with commas “,” between them. They can hold things like the full name of the user, their office number, and their telephone number. The entry for user account “mary” shows her full name is Mary Quinn.
  • /home/dave: The path to the user’s home folder.
  • /bin/bash: The default shell for this user.

If we pipe the output from this command through the wc utility and use the -l (lines) option we can count the lines in the file. That’ll give us the number of accounts configured on this computer.

cat /etc/passwd | wc -l

Counting the number of accounts in the passwd file

That figure includes the system accounts and users created by applications. There are about 400 regular users configured on this computer. Your result is likely to be a lot less.

With that many accounts, it’s more convenient to use less to view the “/etc/passwd” file.

less /etc/passwd

Opening the /etc/passwd file in less

Using less also allows you to search within the output, should you want to look for a particular user account.

Searching for the mary account in the /etc/passwd file, in less

The awk Command

Using the awk command we can display just the username. This can be useful when you’re writing a script that needs to do something to a lot of user accounts. Listing the user account names and redirecting them into a text file can be a great time saver. All you need to do then is copy and paste the rest of the command onto each line.

We’ll tell awk to use the colon “:” as the field separator, and to print the first field. We’ll use the -F (field separator) option.

awk -F: '{print $1}' /etc/passwd

An awk command to select only the user names from the /etc/passwd

The user account names are written to the terminal window without any of the other account information.

The user account names displayed in the terminal window

The cut Command

We can achieve the same sort of thing using the cut command. We need to use the -d (delimiter) option and ask it to select the first field only, using the -f (fields) option.

cutr -d: -f1

Using the cut command to display only the usernames from the /etc/passwd file

This lists all of the user accounts, including the system and other non-human accounts.

The compgen Command

The compgen command can be used with the -u (user) option to list the user accounts. We’ll pipe the output through the column command to list the user accounts in columns, instead of one long list with a single user name per line.

compgen -u | column

Using the compgen and column commands to list the user account names from the /etc/passwd file in columns

Again, the first user accounts listed belong to processes, not humans.


User accounts are given a numeric ID, which we saw earlier. Usually, the regular human user accounts start at 1000, and the system, non-human, user accounts start at 0. The ID of the root account is 0.

If we can verify the lowest and highest possible user IDs, we can use that information to select the user accounts that are between those two values. That will let us select only the user accounts belonging to real people.

Linux keeps track of these two values using configuration parameters called UID_MIN and UID_MAX . These are held in the “/etc/login.defs” file. We can easily see these values using grep.

We’re going to use the -E (extended regex) option. Our search string looks for lines that begin with “UID_MIN” or “UID_MAX” in the “/etc/login.defs” file. The caret “^” represents the beginning of a line.

grep -E '^UID_MIN|^UID_MAX' /etc/login.defs

Sending the passwd file to the terminal window with cat

The range for user IDs on this computer is from 1000 to 60,000.

The getent Command

The getent command reads information from system databases. We can tell it to list the entries in the “/etc/passwd” file by using “passwd” as a parameter.

getent passwd

Sending the passwd file to the terminal window with cat

This gives us the same readout we can get using cat. But where getent shines is by accepting values known as “keys.” A key dictates which information getent reports on. If we want to see the entry for a single user, we can pass in their user account name on the command line.

getent passwd Sarah

Note that the user account name is case-sensitive.

getent passwd sarah

Sending the passwd file to the terminal window with cat

We can also pass in the upper and lower limits of the user account IDs we want to see. To see absolutely all the regular user accounts, we can use the values from UID_MIN and UID_MAX.

getent passwd {1000..60000}

Sending the passwd file to the terminal window with cat

This takes some time to run. Eventually, you’ll be returned to the command prompt.

Sending the passwd file to the terminal window with cat

The reason for the long execution time is that getent tries to find matches for all of the user account values right up to 60000.

Let’s see what the highest user account ID is. We’ll use the cut command, but this time we’ll ask for field three, the user ID field. We’ll pipe the output through sort and use the -g (general numeric sort) option.

cut -d: -f3 /etc/passwd | sort -g

Sending the passwd file to the terminal window with cat

The highest ID value of a human-owned user account is 1401.

Sending the passwd file to the terminal window with cat

User id 65534 is assigned to the system concept of “nobody.”

getent passwd {65534..65534}

The system user nobody, with ID 65534

So we know that instead of using the UID_MAX value of 60000, on this computer we can use a more realistic value like 1500. That’ll speed things up nicely. We’ll also pipe the output through cut to extract just the names of the user accounts.

getent passwd {1000..1500} | cut -d: -f1

Sending the passwd file to the terminal window with cat

The users are listed and we’re returned immediately to the command prompt.

Instead of piping the output through cut, let’s pipe the output through wc and count the lines once more. That’ll give us the number of “real” user accounts.

getent passwd {1000..1500} | wc -l

Sending the passwd file to the terminal window with cat

We can now see that on this computer, definitively, there are 400 configured, human-owned, user accounts.

Power and Simplicity

One of these techniques is sure to suit your needs when you need to review the user accounts on a Linux computer. These commands should be present on all distributions, and none of them require sudo access, so they are all available to every user.

Source link

By John P.

Leave a Reply

Your email address will not be published. Required fields are marked *