Linux: List All Users

Another very common request, both from my Unix/Linux beginner users and from visitors to the Unix Tutorial blog. Usually a user list is needed because you plan on doing something with it, so please leave a comment and let me know what it is. Who knows, there might be a quicker and easier way of doing the same!

List all users with getent

This is probably the quickest and easiest way of getting the list of users on your Linux system, along with the most relevant info about each of them:

[greys@ec2 ~]$ getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:997:995:User for polkitd:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
chrony:x:996:993::/var/lib/chrony:/sbin/nologin
centos:x:1000:1000:Cloud User:/home/centos:/bin/bash

IMPORTANT: if your Linux system is part of an AD or LDAP infrastructure, the getent passwd command will get you all the users in AD, rather than just those locally created on your Linux server.

List all users from /etc/passwd

You can also just look at the contents of the /etc/passwd file: it will look very similar to the getent output:

[greys@ec-ws1 ~]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:997:995:User for polkitd:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
chrony:x:996:993::/var/lib/chrony:/sbin/nologin
centos:x:1000:1000:Cloud User:/home/centos:/bin/bash

Extract usernames from passwd with awk

All these lists are fine, but they’re not easily actionable in scripts or any other command line processing in Unix. The reason is, of course, that we’re getting too much information: instead of just the list of usernames, we’re looking at lots of passwd fields like full name, user ID, group ID, user shell and so on.

So the next step is probably extracting usernames from the output we received. Here’s how we can do it: we’ll use the awk field separator to split fields.

Here’s the result:

[greys@ec-ws1 ~]$ cat /etc/passwd | awk -F: '{print $1}'
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
ftp
nobody
avahi-autoipd
systemd-bus-proxy
systemd-network
dbus
polkitd
rpc
tss
rpcuser
nfsnobody
postfix
sshd
chrony
centos
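
Going one step beyond the username column, the same awk field splitting can answer the questions a user list is usually wanted for: which accounts can log in, and whether anything other than root has UID 0. This is an added example, not part of the original post; the function names are hypothetical, the sample input is constructed, and the UID threshold of 1000 is an assumption (check UID_MIN in /etc/login.defs on your system).

```shell
#!/bin/sh
# Added example: audit-style filters over passwd(5) records read from stdin.
# Function names are hypothetical; field numbers follow the output above.

# Constructed sample: five lines copied from the listing above, plus two
# made-up accounts (svcadmin, deploy) to exercise the checks.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
centos:x:1000:1000:Cloud User:/home/centos:/bin/bash
svcadmin:x:0:0:constructed example:/home/svcadmin:/bin/sh
deploy:x:1001:1001::/home/deploy:/bin/zsh
EOF
}

# Accounts whose shell (field 7) is not a no-login placeholder.
# An empty field 7 is kept on purpose: login falls back to /bin/sh.
login_users() {
    awk -F: 'NF == 7 && $7 !~ /\/(nologin|false|sync|shutdown|halt)$/ {print $1}'
}

# Any account besides root that has UID 0 (field 3) is root-equivalent.
extra_uid0() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" {print $1}'
}

# Regular accounts: UID >= $1, skipping the 65534 "nobody" convention.
regular_users() {
    awk -F: -v min="$1" 'NF == 7 && $3 >= min && $3 != 65534 {print $1}'
}

# On a live host, replace sample_passwd with: getent passwd
echo "login-capable:";    sample_passwd | login_users
echo "extra UID 0:";      sample_passwd | extra_uid0
echo "regular (>=1000):"; sample_passwd | regular_users 1000
```
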


That’s it for today! Stay tuned for more!

Find files which belong to a user or Unix group

If you need to find all the files owned by a certain Unix user or group in a given directory, it’s actually very easy to do using the find command.

How to find files owned by a user

If you know the username, this is the command you might use to locate all the files which belong to it:

ubuntu$ find /var -user www-data
/var/cache/apache2/mod_disk_cache
/var/lib/awstats
...

In this case, we’re looking for all the files and directories under /var owned by the web server user www-data.

Find files owned by a Unix group

If you’re doing a broader search, you may be interested in identifying all the files owned by a Unix group. Here’s how you can do it:

ubuntu$ find /usr -group staff
/usr/local/lib/site_ruby
/usr/local/lib/site_ruby/1.8
/usr/local/lib/site_ruby/1.8/x86_64-linux
/usr/local/lib/python2.5
/usr/local/lib/python2.5/site-packages
/usr/local/lib/python2.4
/usr/local/lib/python2.4/site-packages
/usr/local/share/fonts

In this example, we’re using find to locate all the files in /usr owned by the staff group.

Locate files by UID or GID

If you’re more comfortable dealing with Unix user IDs (UIDs) and group IDs (GIDs), you can use them with the find command as well. In this example, I’m looking for the temporary files created by myself (my UID on that system is 1000):

ubuntu$ find /var/tmp -uid 1000
/var/tmp/photos.rar
/var/tmp/mysql.tar.gz
...
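
When the output of find -uid feeds a script (for example, an inventory of what an account owns before it is removed), counting or looping over lines miscounts any file whose name contains a newline. The following added example, which is not from the original post, compares a line-based count with a NUL-delimited one on a constructed directory tree; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count what a UID owns under a directory, two ways.

# Line-based count: a file name containing a newline is counted twice.
naive_count() {
    find "$1" -xdev -uid "$2" | wc -l | tr -d ' '
}

# NUL-delimited count: -print0 ends every name with a NUL byte, which
# cannot appear inside a path, so each entry is counted exactly once.
# -xdev keeps the search on the starting filesystem.
count_owned() {
    find "$1" -xdev -uid "$2" -print0 | tr -cd '\000' | wc -c | tr -d ' '
}

# Constructed demo tree: three files, one with spaces and one with a
# newline in its name, all owned by whoever runs the script.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain.txt"
    : > "$d/name with spaces"
    : > "$d/$(printf 'two\nlines')"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
me=$(id -u)
# The directory itself is owned by the same UID, so it is counted too.
echo "line-based count:    $(naive_count "$demo" "$me")"
echo "NUL-delimited count: $(count_owned "$demo" "$me")"
rm -rf "$demo"
```
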

I presume this post answers your questions on the topic, but do let me know if there’s anything else you’d like me to explain!
