How to View System Users in Linux on Ubuntu

Understanding how to view system users in Linux, particularly on Ubuntu systems, is a fundamental skill for system administrators and developers working with multi-user environments. Whether you’re managing user permissions, troubleshooting access issues, or conducting security audits, knowing who has access to your system and what type of accounts exist is crucial for maintaining proper system security and organization. This guide will walk you through various methods to examine system users, from basic commands to advanced techniques, helping you master user management on Ubuntu systems.

Understanding Linux User Types and Structure

Before diving into the commands, it’s important to understand that a Linux system holds several types of user accounts. Ubuntu, like most Linux distributions, categorizes users as follows:

  • System users – Used by system services and daemons (typically UID 0-999)
  • Regular users – Human users with login capabilities (typically UID 1000+)
  • Service users – Dedicated accounts for specific applications or services
  • Root user – The superuser account with UID 0

All user information is primarily stored in the /etc/passwd file, with password hashes (if using local authentication) stored in /etc/shadow, and group information in /etc/group.

Basic Commands to View System Users

The most straightforward way to view all users on your Ubuntu system is by examining the /etc/passwd file. Here are the essential commands every administrator should know:

# View all users in the system
cat /etc/passwd

# Display users in a more readable format
cat /etc/passwd | column -t -s:

# Show only usernames
cut -d: -f1 /etc/passwd

# Display users with their UIDs
cut -d: -f1,3 /etc/passwd | column -t -s:

The /etc/passwd file contains seven colon-separated fields for each user:

username:password:UID:GID:GECOS:home_directory:shell

For example, a typical entry might look like:

john:x:1001:1001:John Doe,,,:/home/john:/bin/bash

Advanced User Viewing Techniques

For more sophisticated user management tasks, you’ll want to filter and sort user information. Here are some advanced techniques:

# Show only regular users (UID >= 1000)
awk -F: '$3 >= 1000 {print $1, $3}' /etc/passwd

# Display users with bash shell access
grep "/bin/bash" /etc/passwd | cut -d: -f1

# Show users sorted by UID
sort -t: -k3 -n /etc/passwd

# Find users with no password set (a potential security risk)
sudo awk -F: '($2 == "") {print $1}' /etc/shadow

# Display users with their last login information
lastlog | grep -v "Never"

You can also use the getent command, which queries the Name Service Switch libraries and can pull user information from various sources including LDAP, NIS, or local files:

# Display all users via NSS
getent passwd

# Show specific user information
getent passwd username

# Display users in a specific UID range
getent passwd {1000..1010}

Using Built-in Tools and Utilities

Ubuntu provides several built-in utilities that make user management easier:

# List users with home directories
ls -la /home/

# Show currently logged-in users
who
w
users

# Display user account information with additional details
id username
finger username  # (may require installation: sudo apt install finger)

# Show user groups
groups username
id -Gn username

The compgen command, part of bash completion, can also list users:

# List all users
compgen -u

# List users starting with specific letter
compgen -u j

Filtering and Categorizing Users

In production environments, you often need to categorize users based on specific criteria. Here’s how to create useful filters:

#!/bin/bash
# Script to categorize users

echo "=== SYSTEM USERS (UID < 1000) ==="
awk -F: '$3 < 1000 {print $1 " (UID: " $3 ")"}' /etc/passwd

echo -e "\n=== REGULAR USERS (UID >= 1000) ==="
awk -F: '$3 >= 1000 && $3 != 65534 {print $1 " (UID: " $3 ")"}' /etc/passwd

echo -e "\n=== USERS WITH LOGIN SHELLS ==="
awk -F: '$7 ~ /(bash|zsh|fish|sh)$/ {print $1 " - " $7}' /etc/passwd

echo -e "\n=== SERVICE ACCOUNTS (no shell) ==="
awk -F: '$7 ~ /(nologin|false)$/ {print $1}' /etc/passwd

Real-world Use Cases and Examples

Here are practical scenarios where viewing system users becomes essential:

Security Audit Example

#!/bin/bash
# Security audit script

echo "Security Audit Report - $(date)"
echo "================================"

echo -e "\n1. Users with UID 0 (root privileges):"
awk -F: '$3 == 0 {print $1}' /etc/passwd

echo -e "\n2. Users with empty passwords:"
sudo awk -F: '$2 == "" {print $1}' /etc/shadow

echo -e "\n3. Users with bash access:"
grep "/bin/bash" /etc/passwd | cut -d: -f1

echo -e "\n4. Recently created users (check timestamps):"
ls -lat /home/ | head -10

echo -e "\n5. Users never logged in:"
# lastlog prints "**Never logged in**", so match the phrase rather than field 2
lastlog | awk '/Never logged in/ {print $1}'
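
The audit script above checks for UID 0 accounts and empty passwords. The following added example, which is not part of the original article, goes further and also flags duplicate UIDs, system-range accounts with a usable shell, and malformed lines; audit_accounts is a hypothetical helper and the sample data is constructed.

```shell
#!/bin/bash
# Added example, not from the original article. audit_accounts is a
# hypothetical helper; it takes passwd- and shadow-format files as arguments
# so it can be run on copies as well as on the live files.
audit_accounts() {   # $1 = passwd-format file, $2 = shadow-format file (optional)
    awk -F: '
        /^[ \t]*(#|$)/ { next }                       # skip blanks and comments
        NF != 7 { print "MALFORMED line " NR; next }  # wrong field count
        # Any UID 0 account other than root has full root privileges
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        # Names that share a UID are one identity to the kernel
        ($3 in seen) { print "DUPLICATE_UID " $3 " " seen[$3] " " $1 }
        !($3 in seen) { seen[$3] = $1 }
        # UID 1-999 with a usable shell (an empty field means /bin/sh)
        $3 > 0 && $3 < 1000 && $7 !~ /\/(nologin|false|sync)$/ {
            print "SYSTEM_LOGIN_SHELL " $1
        }
    ' "$1"
    if [ -n "${2:-}" ]; then
        awk -F: '$2 == "" { print "EMPTY_PASSWORD " $1 }' "$2"
    fi
}

# Constructed sample data (not real accounts)
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0::/root:/bin/bash
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
jdoe:x:1001:1001::/home/jdoe:/bin/bash
broken:x:1002
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:*:19000:0:99999:7:::
john::19000:0:99999:7:::
EOF

audit_accounts "$sample_dir/passwd" "$sample_dir/shadow"
```

On a live system the arguments would be /etc/passwd and /etc/shadow, with the privileges needed to read the shadow file.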

System Cleanup Example

#!/bin/bash
# Find potentially unused accounts

echo "Potentially inactive user accounts:"
echo "==================================="

# Users who haven't logged in for 90+ days
lastlog -b 90 | grep -v "Username" | grep -v "Never logged in"

# Users with home directories but no recent activity (-mindepth 1 skips /home itself)
find /home -mindepth 1 -maxdepth 1 -type d -atime +90 -printf "%f - last accessed: %AD\n" 2>/dev/null

Comparison of User Viewing Methods

| Method | Speed | Information Detail | Best Use Case | Limitations |
| --- | --- | --- | --- | --- |
| cat /etc/passwd | Fast | Complete user database | Full system overview | Raw format, hard to read |
| getent passwd | Fast | NSS-aware, complete | Enterprise environments | May include remote users |
| who/w | Very Fast | Currently logged in only | Active session monitoring | Only shows active users |
| lastlog | Medium | Login history | Security audits | Large files on busy systems |
| Custom scripts | Variable | Highly customizable | Specific filtering needs | Requires maintenance |

Best Practices and Common Pitfalls

When working with user information on Ubuntu systems, follow these best practices:

  • Regular Audits – Schedule monthly reviews of user accounts to identify unused or potentially compromised accounts
  • Use Appropriate Permissions – Some commands require sudo access; never run user management scripts as root unless necessary
  • Consider Network Users – In environments with LDAP or Active Directory, local user lists may not show the complete picture
  • Monitor System Users – Pay attention to system account changes, as they might indicate security issues
  • Document Custom Accounts – Maintain documentation for service accounts and their purposes

Common pitfalls to avoid:

  • Ignoring System Users – Don’t focus only on human users; compromised system accounts can be equally dangerous
  • Parsing Issues – Be careful when parsing /etc/passwd with simple scripts; use proper field separators
  • Cache Issues – NSS cache might show outdated information; use nscd -i passwd to refresh if needed
  • Permission Errors – Some user information requires elevated privileges to access

Integration with System Monitoring

For production environments, consider integrating user monitoring into your system monitoring stack:

#!/bin/bash
# Example monitoring script for user changes

PASSWD_HASH=$(sha256sum /etc/passwd | cut -d' ' -f1)
SHADOW_HASH=$(sudo sha256sum /etc/shadow | cut -d' ' -f1)

# Store/compare with previous hashes
echo "Passwd hash: $PASSWD_HASH"
echo "Shadow hash: $SHADOW_HASH"

# Alert if changes detected
# Note: /tmp is world-writable; in production keep this file in a directory
# that only the monitoring user can write
if [ -f /tmp/last_passwd_hash ]; then
    if [ "$(cat /tmp/last_passwd_hash)" != "$PASSWD_HASH" ]; then
        echo "WARNING: User database changed!"
        # Send alert or log to monitoring system
    fi
fi

echo "$PASSWD_HASH" > /tmp/last_passwd_hash

This approach helps maintain security by detecting unauthorized user modifications each time the script runs; schedule it frequently (for example from cron) to get close to real-time detection.
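
A hash comparison reports that the file changed but not what changed. The following added example, which is not part of the original article, compares the current file with a saved copy and names the added, removed and modified accounts; diff_accounts, check_user_db and the state directory are hypothetical, and the sample data is constructed.

```shell
#!/bin/bash
# Added example, not from the original article. diff_accounts and
# check_user_db are hypothetical helpers; the state directory is an assumption.

# Compare two passwd-format files and name what changed.
diff_accounts() {   # $1 = baseline snapshot, $2 = current file
    awk -F: '
        BEGIN { split("name password uid gid gecos home shell", fname, " ") }
        FILENAME == ARGV[1] { old[$1] = $0; next }   # load the baseline
        !($1 in old) { print "ADDED " $1 " uid=" $3 " shell=" $7; next }
        {
            split(old[$1], o, ":")
            for (i = 2; i <= 7; i++)
                if (o[i] != $i)
                    print "CHANGED " $1 " " fname[i] " " o[i] " -> " $i
            delete old[$1]
        }
        END { for (u in old) print "REMOVED " u }
    ' "$1" "$2" | sort
}

# Keep the baseline in a directory only the monitoring user can write,
# not in world-writable /tmp where any local user could replace it.
check_user_db() {   # $1 = file to watch, $2 = state directory
    ( umask 077; mkdir -p "$2" )
    if [ ! -f "$2/passwd.baseline" ]; then
        cp "$1" "$2/passwd.baseline"
        echo "BASELINE_CREATED"
        return 0
    fi
    diff_accounts "$2/passwd.baseline" "$1"
    cp "$1" "$2/passwd.baseline"   # accept the new state after reporting it
}

# Constructed sample data (not real accounts)
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' \
    'john:x:1001:1001:John Doe,,,:/home/john:/bin/bash' > "$demo/passwd"
check_user_db "$demo/passwd" "$demo/state"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'www-data:x:33:33:www-data:/var/www:/bin/bash' \
    'svc:x:0:0::/root:/bin/bash' > "$demo/passwd"
check_user_db "$demo/passwd" "$demo/state"
```

Because the baseline is replaced after each report, every change is reported once; forward the output to the monitoring system rather than relying on a later run to repeat it.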

For more detailed information about user management in Ubuntu, refer to the official Ubuntu documentation and the Linux man pages for specific command details.


