Skip to Content

2 ways to list all users in Linux

Linux is designed to be a multi-user operating system, allowing multiple users to access and utilize the system concurrently.

To effectively list the users on a Linux system, two powerful methods come into play: using the “cat /etc/passwd” command and using the the “getent” command.

In this article, we’ll explore these methods that allow you to effortlessly retrieve a comprehensive list of all users present on a Linux system.

List all the users in Linux with cat /etc/passwd command

The command cat /etc/passwd is our quickest route to viewing all the users in Linux system. The /etc/passwd file is a text-based database of information about users that can log into the system. The ‘cat’ command is used to view the contents of this file, and each line in this file represents a user account.

Get Your Free Linux training!

Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!

Open the terminal, and type the following command:

cat /etc/passwd

The system outputs the entire file with all the users on the system.

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
nobody:x:601:601:Nobody:/:/sbin/nologin

But you might be wondering, “What exactly does each line of this file mean?”

Well, each line contains seven fields separated by colons, giving detailed information about each user. They include the username, password (usually represented as an ‘x’), user ID (UID), group ID (GID), a brief description of the user, the user’s home directory, and the shell used by the user.

Now, don’t you agree that’s a wealth of information right at your fingertips?

Let’s break down an example entry:

john:x:1001:1001:John Doe:/home/john:/bin/bash

Username: “john” – This field specifies the username associated with the account. It is used for user identification.

Password Placeholder: “x” – In modern Linux systems, the actual password is stored in a separate file, such as “/etc/shadow”. The “x” indicates that the password is stored in the shadow file.

User ID (UID): “1001” – The UID is a unique numeric identifier assigned to each user. It helps the system differentiate between users and assign appropriate permissions.

Group ID (GID): “1001” – The GID represents the primary group to which the user belongs. The group information is stored in the “/etc/group” file.

User Information: “John Doe” – This field typically contains additional information about the user, such as the user’s full name.

Home Directory: “/home/john” – It specifies the absolute path to the user’s home directory. This is where the user typically stores personal files and configurations.

Login Shell: “/bin/bash” – The login shell defines the default command interpreter or shell that is used when the user logs in.

Each entry in “/etc/passwd” represents a distinct user account on the system, allowing the operating system to manage user permissions, access rights, and other related information for each individual user.

To list all the usernames in the “/etc/passwd” file, we can use various command-line tools. Here are a few common methods:

Using the “cut” command:

cut -d: -f1 /etc/passwd

This command uses the “cut” command with “:” (colon) as the delimiter and extracts the first field (-f1), which represents the username, from the “/etc/passwd” file.

Using the “awk” command:

awk -F: '{print $1}' /etc/passwd

The “awk” command separates each line in the “/etc/passwd” file based on the “:” delimiter (-F:) and prints the first field ($1), which corresponds to the username.

Using the “grep” command:

grep -o '^[^:]*' /etc/passwd

This “grep” command matches the start of each line (^) until the first occurrence of “:” and prints the matched portion ([^:]*) from the “/etc/passwd” file.

To search for a specific user in the “/etc/passwd” file, you can use the “grep” command. Here’s an example:

grep "username" /etc/passwd

Replace “username” with the actual username you want to search for. This command will search the “/etc/passwd” file for lines that contain the specified username and display those lines as output.

If the user is found, you will see the corresponding entry from the “/etc/passwd” file, which includes details like the username, user ID (UID), group ID (GID), user information, home directory, and login shell.

If the user is not found, there will be no output displayed.

Note: The “grep” command is case-sensitive. So, make sure to provide the username exactly as it appears in the “/etc/passwd” file.

Here is another tip. By piping the output of the “cat /etc/passwd” command to “wc -l”, you can get a quick and convenient way to view the number of users on your Linux system. This can be helpful for obtaining a simple count without listing the actual usernames.

For example,

Let’s say you run the command:

cat /etc/passwd | wc -l

The output you receive is:

20

In this case, the number “20” indicates that there are a total of 20 lines (entries) in the “/etc/passwd” file. Since each line represents a user account, you can believe that there are 20 users listed in the file.

Command Description
cut -d: -f1 /etc/passwd Retrieves a list of all usernames from the “/etc/passwd” file. The command uses “:” as the delimiter and selects the first field (username).
awk -F: ‘{print $1}’ /etc/passwd Prints a list of all usernames from the “/etc/passwd” file. The command uses “:” as the delimiter and selects the first field (username).
grep -o ‘^[^:]*’ /etc/passwd Extracts and displays a list of all usernames from the “/etc/passwd” file. The command matches the portion before the first “:” on each line.
grep “username” /etc/passwd Searches for a specific user in the “/etc/passwd” file. Replace “username” with the actual username.
cat /etc/passwd | wc -l Counts the number of lines (users) in the “/etc/passwd” file using the “wc” command, which is then displayed as the total number of users.
cat /etc/passwd Prints the contents of the “/etc/passwd” file, which includes user account information such as usernames, UIDs, GIDs, home directories, etc.

List all the users in Linux with getent passwd command

What if there’s another way to list all the users in Linux, you may ask? Indeed, there is! You can also use the getent passwd command.

The ‘getent’ command displays entries from databases supported by the Name Service Switch libraries, which include the passwd database.

This command retrieves the same information as the cat /etc/passwd command, but with an advantage – it also fetches user information from other sources like NIS or LDAP, if configured.

List the entire contents of the passwd database by typing:

getent passwd

The output is the same as the output of the cat command.

The primary advantage of using getent passwd over directly reading the /etc/passwd file (like with cat /etc/passwd) is that getent will fetch user information from all sources, including local and remote resources, such as NIS, LDAP, and others, if they’re configured. In contrast, cat /etc/passwd only fetches local user information.

The “getent” command is another useful way to search for specific users. Here’s an example of how to use it:

getent passwd username

Replace username with the actual username you want to search for. When you execute this command, it checks the system’s user database (local and remote) and displays the related passwd entry line if the user exists.

Here is one example:

getent passwd tocao
tocao:VAS:385552:385552:David Cao:/users/tocao:/bin/bash

To retrieve a specific user by their UID (User ID), you can use the getent command with the passwd database and the UID as the argument. Here’s an example:

getent passwd [uid]

Replace [uid] with the actual UID of the user you want to search for. When you execute this command, it searches the system’s user database (including /etc/passwd and other configured sources like LDAP or NIS) and displays the corresponding entry for the user with the specified UID.

Here is another useful command. It allows you to efficiently retrieve a range of user entries based on their UIDs in a single command.

getent passwd {[first-UID]..[last-UID]}

{[first-UID]..[last-UID]}: This denotes a range of UIDs to search within. [first-UID] represents the starting UID, and [last-UID] represents the ending UID.

Executing this command will search the system’s user database and display all the user entries whose UIDs fall within the specified range.

getent passwd {0..1000}

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin

 

Command Description
getent passwd Lists all users on the system (local and remote), along with details like UID, GID, home directory, and default shell.
getent passwd <username> Returns the details of a specific user. Replace <username> with the actual username.
getent passwd <UID> Returns the details of a user based on their User ID (UID). Replace <UID> with the actual UID.
getent passwd {<first-UID>..<last-UID>} Returns the details of users within a range of UIDs. Replace <first-UID> and <last-UID> with the actual UIDs.
getent passwd |awk -F: ‘{print $1,$6}’ Retrieves the usernames and their corresponding home directories. 
getent passwd |awk -F: ‘{print $1,$7}’ Retrieves the usernames and their corresponding default shells. 

 

Now, do you wonder which method to choose? That entirely depends on your specific use-case. If you are confident that all users are local to your system, cat /etc/passwd should suffice. However, if your users can come from other databases, using getent passwd would be the wiser option.

Case Study

Recently, I noticed something strange. There were many unknown login attempts on our server. This worried me because it could mean a security risk or even an attack on our system.

To figure out what was happening, I decided to check all the user accounts on our Linux server. I wanted to see if they were all valid and look for any that seemed suspicious.

As the user list rolled out on the screen, my eyes were keenly locked on each detail. I was on high alert for strange usernames or any accounts with unusual privileges.

My mission was clear – to make sure that only approved and legitimate users could enter our server.

With each line that passed my inspection, relief started to replace the initial tension. The usernames belonged to my dependable colleagues and system admins, like markers of safety in the digital sea.

But I didn’t let my guard down, knowing that a single malicious account could put our server at risk.

Finally, as I reached the list’s end, it became clear – all users were verified and there were no intruders hiding in plain sight. This gave me a clearer view of our system’s landscape and allowed me to focus on fortifying our digital walls against future cyber threats.