/etc/passwd file contains one line for each user account, with seven fields delimited by colons. This is a text file. You can easily list users using the cat command as follows: $ cat /etc/passwd
Sample outputs:
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh .... .. ...
OR use pages as follows to view /etc/passwd file: $ more /etc/passwd $ less /etc/passwd
Sample outputs:
All fields are separated by a colon (:) symbol. Total seven fields exists. The first field is username. It is used when user logs in. It should be between 1 and 32 characters in length.
Task: Linux List Users Command
To list only usernames type the following awk command: $ awk -F':' '{ print $1}' /etc/passwd
Sample outputs:
root daemon bin sys sync games man lp mail news .... .. ..hplip vivek bind haldaemon sshd mysql radvd
A Note About System and General Users
Each user has numerical user ID called UID. It is defined in /etc/passwd file. The UID for each user is automatically selected using /etc/login.defs file when you use useradd command. To see current value, enter: $ grep "^UID_MIN" /etc/login.defs $ grep UID_MIN /etc/login.defs
Sample outputs:
UID_MIN 1000 #SYS_UID_MIN 100
1000 is minimum values for automatic uid selection in useradd command. In other words all normal system users must have UID >= 1000 and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Type the following command to list all login users:
## get UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## use awk to print if UID >= $UID_LIMIT ## awk -F':' -v "limit=${l##UID_MIN}" '{ if ( $3 >= limit ) print $1}' /etc/passwd
To see maximum values for automatic uid selection in useradd command, enter: awk -F’:’ -v «min=${l##UID_MIN}» -v «max=${l1##UID_MAX}» ‘{ if ( $3 >= min && $3 <= max ) print $0}’ /etc/passwd$ grep "^UID_MAX" /etc/login.defs
Sample outputs:
UID_MAX 60000
In other words all normal system users must have UID >= 1000 (MIN) and UID <= 60000 (MAX) and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined/etc/shells file. Here is an updated code:
## get mini UID limit ## l=$(grep "^UID_MIN" /etc/login.defs) ## get max UID limit ## l1=$(grep "^UID_MAX" /etc/login.defs) ## use awk to print if UID >= $MIN and UID <= $MAX ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh jwww:x:504:504::/htdocs/html:/sbin/nologin wwwcorp:x:505:505::/htdocs/corp:/sbin/nologin wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
/sbin/nologin is used to politely refuse a login i.e. /sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or you do not want user to login into system using ssh. To filter /sbin/nologin, enter:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) "$_p"
Sample outputs:
vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh
Finally, this script lists both system and users accounts:
#!/bin/bash # Name: listusers.bash # Purpose: List all normal user and system accounts in the system. Tested on RHEL / Debian Linux # Author: Vivek Gite <www.cyberciti.biz>, under GPL v2.0+ # ----------------------------------------------------------------------------------- _l="/etc/login.defs" _p="/etc/passwd" ## get mini UID limit ## l=$(grep "^UID_MIN" $_l) ## get max UID limit ## l1=$(grep "^UID_MAX" $_l) ## use awk to print if UID >= $MIN and UID <= $MAX and shell is not /sbin/nologin ## echo "----------[ Normal User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) print $0 }' "$_p" echo "" echo "----------[ System User Accounts ]---------------" awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( !($3 >= min && $3 <= max && $7 != "/sbin/nologin")) print $0 }' "$_p"
Sample outputs:
----------[ Normal User Accounts ]--------------- vivek:x:500:500::/home/vivek:/bin/bash raj:x:501:501::/home/raj:/bin/ksh ash:x:502:502::/home/ash:/bin/zsh jadmin:x:503:503::/home/jadmin:/bin/sh wwwint:x:506:506::/htdocs/intranet:/bin/bash scpftp:x:507:507::/htdocs/ftpjail:/bin/bash rsynftp:x:508:508::/htdocs/projets:/bin/bash mirror:x:509:509::/htdocs:/bin/bash jony:x:510:510::/home/jony:/bin/ksh amyk:x:511:511::/home/amyk:/bin/ksh ----------[ System User Accounts ]--------------- root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:499:"Saslauthd user":/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash memcached:x:498:496:Memcached daemon:/var/run/memcached:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin