List Users In Linux

The short answer

In Unix-like operating systems, the /etc/passwd file is a text-database that stores essential information about user accounts such as their username, groups, home directory, and more.

To get the full list of users registered on the system, you can display this file using the cat command as follows:

$ cat /etc/passwd

Which will produce a similar output:

Understanding the /etc/passwd file format

Each line of the /etc/passwd file defines a user account and consists of 7 fields separated by colons (:):

username:password:uid:gid:description:home:shell

Where:

• username is the name of the user account.
• password is the password of the user account, which is usually displayed as an x for security reasons. Note that the actual password is stored in the /etc/shadow file.
• uid or user ID is a unique numerical identifier assigned to each user.
• gid or group ID is the numerical identifier of the user’s primary group.
• description is an optional string providing additional information about the user like their full name or contact information.
• home is the path of the user's home directory (e.g., /home/johndoe).
• shell is the path of the user’s default login shell (e.g., /bin/bash, /bin/zsh).

You can learn more about managing user accounts by reading our other article on how to create a user in Linux.

Listing users from configured databases

To get the list of user accounts defined in the /etc/passwd file as well as other configured user databases such as LDAP (Lightweight Directory Access Protocol) or NIS (Network Information Service), you can use the getent passwd as follows:

$ getent passwd

Note that the output of this command is similar to the format of the /etc/passwd file.

Filtering user accounts information

While both cat /etc/passwd and getent passwd provide the list of user accounts, they might include additional information you don’t necessarily need every time. Linux offers powerful tools like cut and awk to filter and extract specific details from the output.

Listing usernames only

To only retrieve the list of usernames registered on the system without any additional information, you can use the following cut command:

$ cut -d: -f1 /etc/passwd

Where:

• The -d flag is used to split each line into separate tokens delimited by a colon character :.
• The -f1 flag is used to extract the first token from each line.

For example:

$ cut -d: -f1 /etc/passwd
root
daemon
bin
sys
www-data
nobody
johndoe

Easily retrieve this command using Warp’s AI Command Suggestions

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Suggestions feature:

Entering linux list user names only in the AI command search will prompt a command that can then be quickly inserted into your shell by doing CMD+ENTER.

Listing users with a Bash shell

To retrieve the list of usernames registered on the system with Bash as their login shell, you can use the following awk command:

$ awk -F: '$7=="/bin/bash" {print $1}' /etc/passwd

Where:

• -F is used to split each line into separate tokens delimited by a colon character :.
• $7=="/bin/bash" is used as a condition to check whether the seventh field (i.e., the login shell path) matches the string /bin/bash.
• print $1 is used to print the first token (i.e., the username) from that line if the condition is met.

Note that you can easily adapt this command to filter usernames based on any shell by replacing /bin/bash with the path of the desired shell (e.g., /bin/sh).

For example:

$ awk -F: '$7=="/usr/sbin/nologin" {print $1}' /etc/passwd
daemon
bin
sys
www-data
nobody

Listing groups and users

Similar to the /etc/passwd file, the /etc/group file is a text-based database used for managing user accounts and group memberships.

To get the full list of groups and their related users, you can display this file using the cat command as follows:

$ cat /etc/group

Which will produce a similar output:

Alternatively, you can use the following getent command to also include group entries from external sources such as NIS or LDAP:

$ getent group

Understanding the /etc/group file format

Each line of the /etc/group file defines a group and consists of 4 fields separated by colons (:):

group:password:gid:usernames

Where:

• group is the name of the group.
• password is used to implement privileged groups and is usually represented by an x. Note that the actual password is stored in the /etc/gshadow file.
• gid or group ID is a unique number used to identify the group.
• usernames is a comma-separated list of user account names.

Listing a user's group memberships

To get the list of groups a user is a member of, you can use the groups command as follows:

$ groups <username>

Where:

• username is the name of the user.

Which will output the list of groups in the form of a list separated by a space character.

For example:

$ groups johndoe
johndoe : johndoe sudo

Listing users with sudo access

To get the list of users with sudo access (i.e., root privileges), you can use the getent command as follows:

$ getent group sudo

For example:

$ getent group sudo
sudo:x:27:johndoe

You can learn more about sudo users by reading our other article on how to add a user to sudoers in Linux.

Listing active users

Linux offers various means to monitor system activity and check which users are currently logged in or have active processes.

Displaying the currently logged in users

To display information about currently logged in users, including the login name, tty name, date and time of login, you can use the who command as follows:

$ who

For example:

$ who
john           ttys001      Mar 24 11:00
alice          ttys002      Mar 24 11:33

Displaying the current activity of logged in users

To display information about the activity of currently logged in users, including their login name, the terminal name, the host from which the user logged in, the time since the user last typed anything, and the name and arguments of the current process, you can use the w command as follows:

$ w

For example:

$ w
USER     TTY      FROM             LOGIN@  IDLE   WHAT
john     s002        -                      11:33         7         node

Retrieving the last logins of users

This command looks through the wtmp file and prints a historical record of login events on your Linux system. This can be pretty helpful when you want to track down specific user logins or for security audits. You can use the command as follows:

$ last

For example:

$ last
john      ttys000                         Sat Mar 24 08:21   still logged in
alice     ttys000                         Thu Mar 22 16:40 - 16:40  (00:00)