Insider threats are the leading cause of more than 60% of data breaches. That's why you need a complete view of who has access to what in your organization's system, when, and how. If you're using Linux systems, knowing how to list users is essential for user account management and overall system security.
This article will explore nine methods you can use to list users in Linux, from basic file reading to advanced commands. So read on to get the full scoop.
1. Using the '/etc/passwd' File
The "/etc/passwd" file is a plain text file that stores information about every known user account in the system. It contains information such as the username, login shell, user home directory, encrypted password, user ID number, group ID, and the user's full name.
This file is the standard authentication method for Linux systems, alongside the "/etc/shadow" file.
To display the list of users in this file, you can use "cat /etc/passwd." This action will display an output that looks like this:
root:x:0:0:root:/root:/bin/bash
joe:x:1001:1001:Joe Smith:/home/joe:/bin/bash
sean:x:1002:1002:Sean Doe:/home/sean:/bin/bash
carlos:x:1003:1003:Carlos Sanchez:/home/carlos:/bin/bash
Each line in the sample "/etc/passwd" file above represents a different user, with fields separated by colons. The first line is typically the root user.
2. Using the 'getent' Command
The "getent" Unix command is commonly used to query various administrative databases managed by the Name Service Switch (NSS) library. It helps administrators retrieve user and group information in databases such as "passwd," "hosts," "protocols," "group," "services," and "networks."
To list users, you can use the "getent passwd" command. This command will return a list of users in a similar format to "cat /etc/passwd" from the previous method. However, the output is usually more detailed because it fetches data from all configured databases.
3. Using the 'awk' Command for Parsing
The "awk" command helps you find specific information or fields from lines in text files, such as "/etc/passwd."
Its basic syntax is as follows:
awk '{action}' your_file_name.txt
The "{action}" part of the syntax specifies what "awk" should do with each line, such as printing it in full or printing just the first and second fields of each line. The "your_file_name.txt" part represents the name of the text file for which "awk" should perform the specified action.
Take, for instance, the command below:
awk -F: '{print $1}' /etc/passwd
This command tells "awk" to print only the first field (the username) from each line in "/etc/passwd." The "-F:" flag specifies the field delimiter.
Therefore, the output for this command would look like:
root
joe
sean
carlos
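The same field-based parsing can answer audit questions rather than only print names. The following is an added example, not part of the original article: the function names and the sample data are constructed for illustration, and the functions read passwd-format lines on standard input.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real host).
# Field 2 is "x" because the password hash is kept in /etc/shadow.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc-backup:x:998:998::/var/lib/backup:/bin/false
joe:x:1001:1001:Joe Smith:/home/joe:/bin/bash
sean:x:1002:1002:Sean Doe:/home/sean:/bin/bash
carlos:x:1003:1003:Carlos Sanchez:/home/carlos:/bin/zsh
legacy:x:1004:1004:empty shell field:/home/legacy:
toor:x:0:0:second UID 0 entry:/root:/bin/sh
broken-line-without-fields
EOF
}

# Accounts whose shell (field 7) allows an interactive login. An empty shell
# field counts as a login shell, since login falls back to /bin/sh.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /\/(nologin|false)$/ {print $1}'
}

# Names other than root that carry UID 0 (field 3), i.e. full root privileges.
extra_uid0() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" {print $1}'
}

# Line numbers that do not have exactly seven colon-separated fields.
malformed_lines() {
    awk -F: 'NF != 7 {print NR}'
}

echo "login-capable: $(sample_passwd | login_accounts | tr '\n' ' ')"
echo "extra UID 0: $(sample_passwd | extra_uid0)"
echo "malformed at line: $(sample_passwd | malformed_lines)"
# On a live host, feed the same functions with: getent passwd | login_accounts
```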
4. Using the 'cut' Command for Simplicity
This command is much simpler than the "awk" command. It lets you extract specific text or fields from text files or input streams.
For instance, if you want to extract just the list of usernames from the "/etc/passwd" file, you can use the following command:
cut -d: -f1 /etc/passwd
This command extracts the first field, which is the username. It uses the "-d:" option to specify that the colon is the field delimiter.
The result will be in a single column, as shown below:
root
joe
sean
carlos
5. Using the 'compgen' Command
This is yet another command you can use to list users in Linux. It’s a built-in shell command that lets you quickly access your Linux system’s command list. You can also use this command to print Bash details, such as aliases and user accounts.
The basic syntax for the "compgen" command is "compgen [option]."
To use this command to list users from the "/etc/passwd" file, you can use:
compgen -u
This will, again, list usernames as shown below:
root
joe
sean
carlos
6. Using the 'lslogins' Command (for Linux Systems With util-linux)
The "lslogins" command is part of the util-linux package, a collection of utilities that are essential for system management. It lets you display information about all of the users in the Linux system.
This command scans "/etc/passwd," "/etc/shadow," and the "wtmp" and "btmp" logs. The output of this command offers comprehensive user details, including login count, last login time, and more.
Here’s an example of an output after "lslogins" is run:
UID   LOGIN  GECOS      HOME        SHELL      Login Count  Last Login
----------------------------------------------------------------------------
0     root   root       /root       /bin/bash  150          2024-11-13 22:45
1001  joe    Joe Smith  /home/joe   /bin/bash  45           2024-11-13 08:23
1002  sean   Sean Doe   /home/sean  /bin/bash  22           2024-11-10 12:15
If you want to list only user accounts, you can use the "-u" option:
lslogins -u
7. Using the 'getent' Command With LDAP Integration
If your Linux system has a Lightweight Directory Access Protocol (LDAP) integration, you can use the "getent" command. This integration means that administrators can centrally manage user accounts through LDAP.
The "getent" command allows you to pull user data from across the network—not just the local machine.
To do this, you can use the following command:
getent passwd | grep ldap
The command above will give you an output similar to this one:
Username  UID   GID   Full Name       Home Directory  Shell      Source
-------------------------------------------------------------------------------
root      0     0     root            /root           /bin/bash  Local
joe       1001  1001  Joe Smith       /home/joe       /bin/bash  Local
sean      1002  1002  Sean Doe        /home/sean      /bin/bash  Local
carlos    1003  1003  Carlos Sanchez  /home/carlos    /bin/zsh   Local
maria     2001  2001  Maria Garcia    /home/maria     /bin/bash  LDAP
emma      2002  2002  Emma Thompson   /home/emma      /bin/bash  LDAP
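"getent passwd" prints passwd-format lines with no source column, so one way to separate directory accounts from local ones is to compare its output with "/etc/passwd". The following is an added example, not part of the original article: the function names and sample data are constructed, and it assumes the directory service allows user enumeration (SSSD, for example, disables it by default).

```shell
#!/bin/sh
# Constructed data: a local /etc/passwd and the matching "getent passwd"
# output on a host that also resolves users from a directory.
sample_local() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
joe:x:1001:1001:Joe Smith:/home/joe:/bin/bash
sean:x:1002:1002:Sean Doe:/home/sean:/bin/bash
carlos:x:1003:1003:Carlos Sanchez:/home/carlos:/bin/zsh
EOF
}
sample_nss() {
    sample_local
    cat <<'EOF'
maria:*:2001:2001:Maria Garcia:/home/maria:/bin/bash
emma:*:2002:2002:Emma Thompson:/home/emma:/bin/bash
ops:*:1002:1002:constructed UID collision:/home/ops:/bin/bash
EOF
}

# Usernames in the NSS view ($2) that the local file ($1) does not define.
# FILENAME is tested rather than NR == FNR so an empty local file still works.
nonlocal_accounts() {
    awk -F: 'FILENAME == ARGV[1] {seen[$1]; next}
             !($1 in seen) {print $1}' "$1" "$2"
}

# UIDs claimed by more than one username across all files given: both names
# then share file ownership and permissions.
uid_collisions() {
    awk -F: '($3 in owner) && owner[$3] != $1 {print $3 ": " owner[$3] ", " $1; next}
             {owner[$3] = $1}' "$@"
}

# run_sample <check>: run one check over the constructed data via temp files.
run_sample() {
    tmp=$(mktemp -d) || return 1
    sample_local > "$tmp/local"
    sample_nss > "$tmp/nss"
    "$1" "$tmp/local" "$tmp/nss"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

echo "not in local file: $(run_sample nonlocal_accounts | tr '\n' ' ')"
echo "shared UIDs: $(run_sample uid_collisions)"
# Live host: getent passwd > nss.txt && nonlocal_accounts /etc/passwd nss.txt
```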
8. Using GUI Tools
You can also list users in Linux by leveraging graphical tools.
If your Linux system has a GNOME graphical interface, here’s how to go about it:
- Click “Overview” from the system settings.
- Type “settings” and click on the available option.
- Select “Users” then “Unlock.”
- The new window that appears will have options such as listing existing accounts, creating new ones, and editing them.
9. Checking Active and Currently Logged-In Users
User management also involves real-time monitoring: checking which users are logged in and what they are doing. To do this, you can use Linux commands like "who" and "w."
The "who" command lists currently logged-in users along with their session details, while "w" provides information about the user’s activities.
How StrongDM Helps With Listing Users in Linux
User access management doesn’t have to be complex. Sure, the methods we’ve discussed in this guide are helpful. However, without technical knowledge, you may end up spending too much time trying to figure things out.
StrongDM provides an intuitive approach for managing user access, including listing users. We centralize access management so you can get a unified view of who has access to what and when. Additionally, StrongDM lets you automate access provisioning, which is essential for minimizing your security risks while boosting your efficiency.
Book a demo today to experience StrongDM in action.
About the Author
StrongDM Team: The StrongDM team is building and delivering a Zero Trust Privileged Access Management (PAM) platform, which delivers unparalleled precision in dynamic privileged action control for any type of infrastructure. The frustration-free access stops unsanctioned actions while ensuring continuous compliance.