On Linux, as a system administrator, you often want to have a complete list of all the users and all the groups on your host.

It is quite crucial for security purposes to make sure that you have the correct amount of users and that you didn’t forget to delete some.

There are several ways to list users and groups on Linux.

First, you can read the passwd and the group file on your system, with cut commands to extract useful information.

A more effective way is to use the getent command that relies on the Name Service Switch, a Unix-based facility to define custom databases on your host.

Here is how you can list users and groups on Linux.

List Users on Linux

In order to list users on Linux, you have to execute the “cat” command on the “/etc/passwd” file. When executing this command, you will be presented with the list of users currently available on your system.

Alternatively, you can use the “less” or the “more” command in order to navigate within the username list.

$ cat /etc/passwd

$ less /etc/passwd

$ more /etc/passwd

You will be presented with a list of users currently available on your system.

Note : it does not mean that users are connected right now!

List Users on Linux etc-passwd

But what do the columns of the passwd file even mean?

list-users-linux

As a quick side note, an “x” in the password column means that the password is encrypted and it is to be found in the /etc/shadow file.

Now that you know how to list users on your Linux host, let’s see how you can effectively isolate a list of usernames.

List Usernames using the /etc/passwd file

As you probably noticed, the /etc/passwd file is made of lines separated by colons.

a – List Usernames using cut

In order to list usernames on Linux, use the “cat” command and pipe it to the “cut” command in order to isolate usernames available in the first column of your file.

To achieve that, run the following command

$ cat /etc/passwd | cut -d: -f1

First, you are printing a list of all records in the passwd file. Next, those results are piped (using Linux pipes and redirection) to the cut command.

The cut command defines a custom separator (with the d option) that is equal to the colon character.

Finally, we are isolating the first field of the results we are getting. In this case, this is equal to the usernames as defined by our schema on the passwd columns.

a – List Usernames using cut cut-options

b – List Usernames using awk

In order to list usernames on Linux, you can also use the “cat” command piped with the “awk” command that is similar to the “cut” command that we have seen before.

As a reminder, the awk command (or mawk) is an interpreter for the AWK programming language.

AWK is a programming language designed to ease data extract and manipulation for data streams.

It is widely used on Unix-based systems when text structures are quite complicated and cannot be separated with a single command.

To list usernames on Linux using the awk interpreter, run the following command

$ cat /etc/passwd | awk -F: '{print $1}'

b – List Usernames using awk -list

List Users on Linux using getent

The easiest way to list users on Linux is to use the “getent” command with the “passwd” argument and specify an optional user that you want to list on your system.

getent passwd <optional_user>

As a reminder, the getent command retrieves entries from Name Service Switch databases.

The Name Service Switch is a Unix utility that retrieves entries from a set of different datasources such as files, LDAP, a DNS server or a Network Information Service.

The list of all the datasources available can be read from the nsswitch.conf file located at /etc.

List Users on Linux using getent nsswitch

In our case, it can be used in order to list users and groups easily on our Linux host.

To list users using the getent function, run the following command

$ getent passwd

getent-passwd

a – List Usernames with getent

Similarly to the previous section, it is possible to list only usernames when interacting with the getent command.

To achieve that, you can alternatively execute the cut command or the awk command in the following way.

$ getent passwd | cut -d: -f1

Or with AWK

$ getent passwd | awk -F: '{print $1}'

a – List Usernames with getent-passwd

List Connected Users on your Linux host

As mentionned previously, inspecting the passwd file, either with less or with getent, does not provide you with a list of all the connected users on your host.

To achieve that, you are going to use the who command.

$ who

List Connected Users on your Linux host who

As you can see, you are provided with a list of users currently connected on your host along with the shell they are using and when they connected.

Alternatively, you can use the users command to achieve the same result with less details.

$ users
devconnected john

Pretty handy!

Now that we have seen how we can list users on a Linux host, let’s see how we can apply the same knowledge to list groups on your system.

List Groups on Linux using the /etc/group file

In order to list groups on Linux, you have to execute the “cat” command on the “/etc/group” file. When executing this command, you will be presented with the list of groups available on your system.

Use one of the following commands to list groups on your system.

$ cat /etc/group

$ less /etc/group

$ more /etc/group
List Groups on Linux using the etc group file
But what do the columns of the group file even represent?

Let’s take a complete line on the group file to inspect it.

List Groups on Linux using the etc group file group-users

As you can see, similarly to the passwd file, the entries are separated by colons. They are fairly easy to understand.

List Groups on Linux using the etc group file etc-group-file

Note : the password field is not used most of the time, it is reserved to create privileged groups on your system.

List Groupnames using the /etc/group

As you can see, inspecting the /etc/group gives you a complete and sometimes too detailed listing of all the groups on your system.

However, you sometimes want to isolate the groupnames on your group file.

To achieve that, you can either use the cut command or the AWK command.

$ cat /etc/group | cut -d: -f1

List Groupnames using the etc group cut-etc-group

$ cat /etc/group | awk -F: '{print $1}'

List Groupnames using the etc group cut-etc-group-awk

You can of course choose to isolate one group if you want to see which users belong to the group you are targeting.

$ cat /etc/group | grep <group>

List Groupnames using the etc group isolate-one-group

List Groups using getent

Again, you can choose to list groups on Linux by using the getent command.

$ getent <database> <key>

Here, we are interested in the “group” database.

If you choose not to provide a key, you will be provided with the entire group file.

$ getent group

List Groups using getent getent-group

Similarly to the passwd database, you can choose to “target” one specific group by providing a key to the getent function.

$ getent group sudo

List Groups using getent getent-group-sudo

List Groups for the current user

The groups commands is used to get a list of groups a specific user is in.

$ groups <username>

If provided with no arguments, it will return the groups for the user that launched the command.

List Groups for the current user groups

To prove that it provides the groups for the user that launched the command, try to launch the command with sudo privileges.

$ sudo groups

List Groups for the current user sudo-groups

The result is.. root! Because the command is executed as root and root only belongs to one group which is the root group.

Conclusion

In this tutorial, you learnt how you can list users and groups on any Linux based system.

You learnt more about specific configuration file like passwd and group, as well as the getent command for Name Service Switch facilities.

Again, if you are interested in Linux system administration, we have tons of tutorials on the subject in our Linux System Administration category.

Click the image below to check them.

Leave a Reply

Your email address will not be published. Required fields are marked *