Key Takeaways
- You can list user accounts on Linux using commands like "cat /etc/passwd" or "getent passwd".
- Extraneous and unused accounts just add clutter to your system, and they may even present a security risk, depending on your situation.
Linux is a multiuser operating system, so creating numerous user accounts is easy. Over time, it's easy to lose track of which accounts are required. Listing user accounts helps you manage them.
Why Care About Extra User Accounts?
Usually, extra accounts just add clutter, but they can also open up security vulnerabilities.
Advances in technology often bring their own new problems. As soon as computers were able to support multiple users, the need to ring-fence and encapsulate each person's work from everyone else became apparent. This led to the concept of user accounts. Each user has a named ID and a password. These are the credentials that let them log into their account. Their files are kept in an area that is private to each user.
On a busy system, it is easy to lose sight of which accounts you have created, and which are no longer needed. From a security point of view, it is bad practice to leave user accounts that you no longer need configured and accessible on your computer. You should remove those users.
Even if you don't have other people using your computer you might have created some accounts just to learn how to do it, or to learn and practice administration processes.
The first step is to list the user accounts that are configured on your computer. That lets you review them and make a judgment call on which can be deleted. There are several methods to list users. No matter which distribution you're using, these techniques should work for you without needing to install any applications or utilities.
List Users With the cat Command
A list of the configured users is maintained, along with information about each user, in the "/etc/passwd" file. This is a text file that regular users can list to the terminal window. You don't need to use sudo to look into the "/etc/passwd" file.
We can use the cat command to send the contents of the "/etc/passwd" file to the terminal window. This will list the entire contents of the file. This means you'll also see the entries for user accounts that are owned by processes and the system, not by people.
cat /etc/passwd
There's a line of dense information reported for each user account.
The information for the user account called "dave" contains these pieces of information, with colons ":" between them.
- dave: The name of the user account. Usually the name of the person who owns the account.
- x: At one time, this held the password for the account. Nowadays, passwords are stored in the "/etc/shadow" file. The "x" means the password is in that file.
- 1000: The user ID for this account. All user accounts have a unique numeric ID. Regular user accounts usually start at 1000, with each new account taking the next free ID, such as 1001, 1002, and so on.
- 1000: The group ID of the default group the user belongs to. In normal circumstances, the default group has the same value as the user ID.
- dave,,,: A collection of optional extra information about the user. This field contains data with commas "," between them. They can hold things like the full name of the user, their office number, and their telephone number. The entry for user account "mary" shows her full name is Mary Quinn.
- /home/dave: The path to the user's home folder.
- /bin/bash: The default shell for this user.
If we pipe the output from this command through the wc utility and use the -l (lines) option we can count the lines in the file. That'll give us the number of accounts configured on this computer.
cat /etc/passwd | wc -l
That figure includes the system accounts and users created by applications. There are about 400 regular users configured on this computer. Your result is likely to be a lot less.
With that many accounts, it's more convenient to use less to view the "/etc/passwd" file.
less /etc/passwd
Using less also allows you to search within the output, should you want to look for a particular user account.
The awk Command
Using the awk command we can display just the username. This can be useful when you're writing a script that needs to do something to a lot of user accounts. Listing the user account names and redirecting them into a text file can be a great time saver. All you need to do then is copy and paste the rest of the command onto each line.
We'll tell awk to use the colon ":" as the field separator, and to print the first field. We'll use the -F (field separator) option.
awk -F: '{print $1}' /etc/passwd
The user account names are written to the terminal window without any of the other account information.
The cut Command
We can achieve the same sort of thing using the cut command. We need to use the -d (delimiter) option and ask it to select the first field only, using the -f (fields) option.
cut -d: -f1 /etc/passwd
This lists all of the user accounts, including the system and other non-human accounts.
The compgen Command
The compgen command can be used with the -u (user) option to list the user accounts. We'll pipe the output through the column command to list the user accounts in columns, instead of one long list with a single user name per line.
compgen -u | column
Again, the first user accounts listed belong to processes, not humans.
UID MIN and UID MAX
User accounts are given a numeric ID, which we saw earlier. Usually, the regular human user accounts start at 1000, and the system, non-human, user accounts start at 0. The ID of the root account is 0.
If we can verify the lowest and highest possible user IDs, we can use that information to select the user accounts that are between those two values. That will let us select only the user accounts belonging to real people.
Linux keeps track of these two values using configuration parameters called UID_MIN and UID_MAX. These are held in the "/etc/login.defs" file. We can easily see these values using grep.
We're going to use the -E (extended regex) option. Our search string looks for lines that begin with "UID_MIN" or "UID_MAX" in the "/etc/login.defs" file. The caret "^" represents the beginning of a line.
grep -E '^UID_MIN|^UID_MAX' /etc/login.defs
The range for user IDs on this computer is from 1000 to 60,000.
The getent Command
The getent command reads information from system databases. We can tell it to list the entries in the "/etc/passwd" file by using "passwd" as a parameter.
getent passwd
This gives us the same readout we can get using cat. But where getent shines is by accepting values known as "keys." A key dictates which information getent reports on. If we want to see the entry for a single user, we can pass in their user account name on the command line.
getent passwd Sarah
Note that the user account name is case-sensitive.
getent passwd sarah
We can also pass in the upper and lower limits of the user account IDs we want to see. To see absolutely all the regular user accounts, we can use the values from UID_MIN and UID_MAX.
getent passwd {1000..60000}
This takes some time to run. Eventually, you'll be returned to the command prompt.
The reason for the long execution time is that getent tries to find matches for all of the user account values right up to 60000.
Let's see what the highest user account ID is. We'll use the cut command, but this time we'll ask for field three, the user ID field. We'll pipe the output through sort and use the -g (general numeric sort) option.
cut -d: -f3 /etc/passwd | sort -g
The highest ID value of a human-owned user account is 1401.
User ID 65534 is assigned to the system concept of "nobody."
getent passwd {65534..65534}
So we know that instead of using the UID_MAX value of 60000, on this computer we can use a more realistic value like 1500. That'll speed things up nicely. We'll also pipe the output through cut to extract just the names of the user accounts.
getent passwd {1000..1500} | cut -d: -f1
The users are listed and we're returned immediately to the command prompt.
Instead of piping the output through cut, let's pipe the output through wc and count the lines once more. That'll give us the number of "real" user accounts.
getent passwd {1000..1500} | wc -l
We can now see that on this computer, definitively, there are 400 configured, human-owned, user accounts.
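The UID range filter above can also be done in a single pass, which avoids both the slow lookup of every possible ID and the hand-picked upper bound. This is an added example, not part of the original article: the function names uid_limit, regular_users and write_sample are hypothetical, the sample entries are constructed, and the fourth output column marks accounts whose shell refuses interactive logins so that review can start with the ones that can still log in.

```shell
#!/bin/sh
# Added example (not from the original article): list the accounts whose UID
# lies between UID_MIN and UID_MAX in one pass, instead of one lookup per UID.

# uid_limit KEY FILE: print the value set for UID_MIN or UID_MAX in FILE.
uid_limit() {
    [ -r "$2" ] || return 0
    awk -v k="$1" '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 } END { if (v != "") print v }' "$2"
}

# regular_users [PASSWD_FILE] [LOGIN_DEFS]
# Prints "name<TAB>uid<TAB>shell<TAB>login|no-login", sorted by UID.
# With no PASSWD_FILE, the entries come from "getent passwd".
regular_users() {
    ru_defs=${2:-/etc/login.defs}
    ru_min=$(uid_limit UID_MIN "$ru_defs"); ru_min=${ru_min:-1000}
    ru_max=$(uid_limit UID_MAX "$ru_defs"); ru_max=${ru_max:-60000}
    if [ -n "${1:-}" ]; then cat "$1"; else getent passwd; fi |
    awk -F: -v min="$ru_min" -v max="$ru_max" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min && $3 + 0 <= max {
            # Shells ending in nologin or false refuse interactive logins.
            state = ($7 ~ /(nologin|false)$/) ? "no-login" : "login"
            printf "%s\t%s\t%s\t%s\n", $1, $3, $7, state
        }' | sort -t "$(printf '\t')" -k2,2n
}

# write_sample DIR: constructed sample data, not taken from a real system.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mary:x:1001:1001:Mary Quinn,,,:/home/mary:/bin/bash
dave:x:1000:1000:dave,,,:/home/dave:/bin/bash
olduser:x:1401:1401:,,,:/home/olduser:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
    printf '# constructed\nUID_MIN\t\t 1000\nUID_MAX\t\t60000\n' > "$1/login.defs"
}

# Demo on the constructed sample; call regular_users with no arguments
# to run the same filter against the live system.
sample_dir=$(mktemp -d)
write_sample "$sample_dir"
regular_users "$sample_dir/passwd" "$sample_dir/login.defs"
rm -rf "$sample_dir"
```

On the sample data this prints dave, mary and olduser in UID order; root, daemon and nobody fall outside the range and are left out.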
Power and Simplicity
One of these techniques is sure to suit your needs when you need to review the user accounts on a Linux computer. These commands should be present on all distributions, and none of them require sudo access, so they are all available to every user.