Commands to List Users in Linux - 100% Beginner Friendly


Linux

Like any other operating system out there, Linux systems allow you to create new users, delete, and list users. This post will focus on the latter - How to list users on Linux? As a system administrator, you need to keep track of all the users in the system for security purposes. Most blackhat hackers create random user accounts after successfully hacking and penetrating a computer system to ensure persistence. Finding random user accounts on a computer is regarded as an Indicator of Compromise (IOC).

There are several ways which you can use to list users on your Linux system. All the methods we will look at in this post are command-line (Terminal) methods. Don't panic if you are not well versed with Linux Terminal. All you need to do is copy and paste the commands and execute them on your end. That said, let's get started.

 

Method 1: View Contents of the /etc/passwd File

That is one of the most common ways used to view users and that you should also be familiar with. The /etc/passwd file contains user account information necessary for login into the system. This file has general read permission by default. Therefore, anyone logged into the system can view the contents of this file. However, to write into this file requires sudo/ root privileges.

There are three main commands we can use to view the contents of this file. They are cat, less and more.  Run any of the commands below on your Linux Terminal.

cat /etc/passwd
less /etc/passwd
more /etc/passwd

We will use the cat utility for this post.

Commands to List Users in Linux - 100% Beginner Friendly

You will get a long output of all users in the system listed line by line. However, this doesn't mean all these users are logged in right now. You will also notice something interesting about this output. As illustrated below, every user has several fields listed next to them, separated by colons.

root:  x  :  0  :  0  :  root  :  /root   :  /bin/bash

daemon: x : 1 : 1 : daemon : /usr/sbin : /usr/sbin/nologin

Commands to List Users in Linux - 100% Beginner Friendly

Let's use the above image to discuss the various fields.

  1. root: This is the username used to log in to the system. It's always between 1-32 characters.
  2. x: This is the user's encrypted password and can be found in the /etc/shadow file.
  3. 0: This refers to the User ID (UID). 0(zero) is always reserved for root.
  4. 0: This is the Group ID (GID)
  5. root: It's commonly referred to as the Comment column. Here, you can add any additional information about the user. E.g., other names, phone numbers, etc.
  6. /root: The home directory
  7. /bin/bash: This refers to the path of the command-line shell used by the user.

If you only want to see the usernames and not the other bunch of information, you can use the awk or cut command as shown below.

awk -F: '{ print $1}' /etc/passwd
cut -d: -f1 /etc/passwd

Commands to List Users in Linux - 100% Beginner Friendly

Method 2: Use the getent Command

Another easy way to list users on Linux is using the getent utility. This command reads users from the Name Service Switch databases (NSS). The NSS allows information like hostnames, mail aliases, and user information to be resolved from different sources. To view all the sources, use the command below to display the contents of the nsswitch.conf file.

cat /etc/nsswitch.conf

Commands to List Users in Linux - 100% Beginner Friendly

Run the command below to list all system users with the getent utility.

getent passwd

Commands to List Users in Linux - 100% Beginner Friendly

From the image above, we are getting an output similar to the one from the /etc/passwd file in Method 1 above. Additionally, if you use Lightweight Directory Access Protocol (LDAP) to manage user login, getent will also list users in the LDAP database.

Similarly, we can combine the awk and cut command with getent to get only a list of usernames. Execute any of the commands below.

getent passwd | awk -F: '{ print $1}'
getent passwd | cut -d: -f1

Commands to List Users in Linux - 100% Beginner Friendly

 

Check Whether a User Exists on the System

Up to this point, you have a clear understanding of how to list users on the system and even pipe the out to commands like awk and cut to get only the usernames and omit the other fields. However, there are situations where you only need to check whether a particular user exists on the system. In such a case, you don't need to dump all the users on the Command-line then start going through line by line. Let's look at the various methods to verify whether a user exists on the system.

One method is piping the output and using the grep command to list the user, as shown below.

cat /etc/passwd | grep ubuntu-user

Commands to List Users in Linux - 100% Beginner Friendly

If the user doesn't exist on the system, the command will not output anything on the Terminal.

With getent, verifying whether a user exists on the system is even easier. Use the syntax below.

getent <username>
e.g
getent games

Commands to List Users in Linux - 100% Beginner Friendly

 

Verify the Number of User Accounts on a System

Another tip you need to know when working with users is knowing the number of user accounts present on the computer. That is another security measure you can use to detect any suspicious activities on your system. If you woke one day and found 53 user accounts, yet you only knew on 52, that would be a good IOC lead. We will use simple logic to get the number of user accounts on our system.

Since the users are listed line by line, we will pipe this output to the wc command, which will count the total number of lines. 

getent passwd | wc -l
cat /etc/passwd | wc -l

Commands to List Users in Linux - 100% Beginner Friendly

 

Summary

This post has given you a detailed guide on listing users, checking if a user exists, and even getting the number of user accounts on your system. All the methods described here should work on most Linux distributions, including Debian, Ubuntu, RHEL, CentOS, Arch Linux, and more. Do you have any questions or comments regarding this topic? If Yes, please feel free to hit the comments below.

 

Deepak Prasad

Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment