Post a Reply
126 views

Linux List All Users In The System

  1. 4 weeks ago

    /etc/passwd file contains one line for each user account, with seven fields delimited by colons This is a text file. You can easily list users using the cat command or other commands such as grep command/egrep command and more. This page describes various Linux commands to list all users on Linux operating system.

    Linux list all users command

    Type any one of the following command:

    $ cat /etc/passwd

    Sample outputs:

    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    ....
    ..
    ...

    OR use pagers such as more/less command as follows to view /etc/passwd file:

    $ more /etc/passwd
    $ less /etc/passwd

    Sample outputs:

    upload.png

    List users using /etc/passwd

    All fields are separated by a colon (:) symbol. Total seven fields exists. The first field is username. It is used when user logs in. It should be between 1 and 32 characters in length.

    How to only List user names on Linux

    To list only usernames type the following awk command:

    $ awk -F':' '{ print $1}' /etc/passwd

    Sample outputs:

    root
    daemon
    bin
    sys
    sync
    games
    man
    lp
    mail
    news
    ....
    ..
    ..hplip
    vivek
    bind
    haldaemon
    sshd
    mysql
    radvd

    Another option is to use the cut command:

    $ cut -d: -f1 /etc/passwd

    Say hello to getent command

    To get a list of all Linux users you type the following getent command:

    $ getent passwd
    $ getent passwd | grep tom

    One can use the compgen command to list all users and other resources too:

    $ compgen -u

    A Note About System and General Users

    Each user has numerical user ID called UID. It is defined in /etc/passwd file. The UID for each user is automatically selected using /etc/login.defs file when you use useradd command. To see current value, enter:

    $ grep "^UID_MIN" /etc/login.defs
    $ grep UID_MIN /etc/login.defs

    Sample outputs:

    UID_MIN			 1000
    #SYS_UID_MIN		  100

    1000 is minimum values for automatic uid selection in useradd command. In other words all normal system users must have UID >= 1000 and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Type the following command to list all login users:

    ## get UID limit ##
    l=$(grep "^UID_MIN" /etc/login.defs)
    ## use awk to print if UID >= $UID_LIMIT ##
    awk -F':' -v "limit=${l##UID_MIN}" '{ if ( $3 >= limit ) print $1}' /etc/passwd

    To see maximum values for automatic uid selection in useradd command, enter:

    awk -F’:’ -v “min=${l##UID_MIN}” -v “max=${l1##UID_MAX}” ‘{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd
    $ grep “^UID_MAX” /etc/login.defs

    Sample outputs:

    UID_MAX			60000

    In other words all normal system users must have UID >= 1000 (MIN) and UID <= 60000 (MAX) and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Here is an updated code:

    ## get mini UID limit ##
    l=$(grep "^UID_MIN" /etc/login.defs)
     
    ## get max UID limit ##
    l1=$(grep "^UID_MAX" /etc/login.defs)
     
    ## use awk to print if UID >= $MIN and UID <= $MAX   ##
    awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd

    Sample outputs:

    vivek:x:500:500::/home/vivek:/bin/bash
    raj:x:501:501::/home/raj:/bin/ksh
    ash:x:502:502::/home/ash:/bin/zsh
    jadmin:x:503:503::/home/jadmin:/bin/sh
    jwww:x:504:504::/htdocs/html:/sbin/nologin
    wwwcorp:x:505:505::/htdocs/corp:/sbin/nologin
    wwwint:x:506:506::/htdocs/intranet:/bin/bash
    scpftp:x:507:507::/htdocs/ftpjail:/bin/bash
    rsynftp:x:508:508::/htdocs/projets:/bin/bash
    mirror:x:509:509::/htdocs:/bin/bash
    jony:x:510:510::/home/jony:/bin/ksh
    amyk:x:511:511::/home/amyk:/bin/ksh

    /sbin/nologin is used to politely refuse a login i.e. /sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or you do not want user to login into system using ssh. To filter /sbin/nologin, enter:

    #!/bin/bash
    # Name: listusers.bash
    # Purpose: List all normal user accounts in the system. Tested on RHEL / Debian Linux
    # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+
    # -----------------------------------------------------------------------------------
    _l="/etc/login.defs"
    _p="/etc/passwd"
     
    ## get mini UID limit ##
    l=$(grep "^UID_MIN" $_l)
     
    ## get max UID limit ##
    l1=$(grep "^UID_MAX" $_l)
     
    ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin   ##
    awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max  && $7 != "/sbin/nologin" ) "$_p"

    Sample outputs:

    vivek:x:500:500::/home/vivek:/bin/bash
    raj:x:501:501::/home/raj:/bin/ksh
    ash:x:502:502::/home/ash:/bin/zsh
    jadmin:x:503:503::/home/jadmin:/bin/sh
    wwwint:x:506:506::/htdocs/intranet:/bin/bash
    scpftp:x:507:507::/htdocs/ftpjail:/bin/bash
    rsynftp:x:508:508::/htdocs/projets:/bin/bash
    mirror:x:509:509::/htdocs:/bin/bash
    jony:x:510:510::/home/jony:/bin/ksh
    amyk:x:511:511::/home/amyk:/bin/ksh

    Finally, this script lists both system and users accounts:

    #!/bin/bash
    # Name: listusers.bash
    # Purpose: List all normal user and system accounts in the system. Tested on RHEL / Debian Linux
    # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+
    # -----------------------------------------------------------------------------------
    _l="/etc/login.defs"
    _p="/etc/passwd"
     
    ## get mini UID limit ##
    l=$(grep "^UID_MIN" $_l)
     
    ## get max UID limit ##
    l1=$(grep "^UID_MAX" $_l)
     
    ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin   ##
    echo "----------[ Normal User Accounts ]---------------"
    awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max  && $7 != "/sbin/nologin" ) print $0 }' "$_p"
     
     
     
    echo ""
    echo "----------[ System User Accounts ]---------------"
    awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( !($3 >= min && $3 <= max  && $7 != "/sbin/nologin")) print $0 }' "$_p"

    Sample outputs:

    ----------[ Normal User Accounts ]---------------
    vivek:x:500:500::/home/vivek:/bin/bash
    raj:x:501:501::/home/raj:/bin/ksh
    ash:x:502:502::/home/ash:/bin/zsh
    jadmin:x:503:503::/home/jadmin:/bin/sh
    wwwint:x:506:506::/htdocs/intranet:/bin/bash
    scpftp:x:507:507::/htdocs/ftpjail:/bin/bash
    rsynftp:x:508:508::/htdocs/projets:/bin/bash
    mirror:x:509:509::/htdocs:/bin/bash
    jony:x:510:510::/home/jony:/bin/ksh
    amyk:x:511:511::/home/amyk:/bin/ksh
    
    
    ----------[ System User Accounts ]---------------
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
    abrt:x:173:173::/etc/abrt:/sbin/nologin
    haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
    ntp:x:38:38::/etc/ntp:/sbin/nologin
    saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    apache:x:48:48:Apache:/var/www:/sbin/nologin
    webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    tcpdump:x:72:72::/:/sbin/nologin
    mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
    memcached:x:498:496:Memcached daemon:/var/run/memcached:/sbin/nologin
    squid:x:23:23::/var/spool/squid:/sbin/nologin
    rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
    rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
    nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
 

or Sign Up to reply!