Tested on: Ubuntu 24.04 LTS, Debian 12, Rocky Linux 9, AlmaLinux 9, Fedora 40, and CentOS Stream 9. These commands work on most modern Linux distributions.
Linux systems allow administrators to create and manage multiple user accounts. These accounts control who can access the system and what actions they are allowed to perform.
System administrators frequently need to list users for tasks such as auditing accounts, troubleshooting login issues, verifying system access, or checking active sessions. Linux provides several built-in commands and configuration files that make it easy to retrieve user information.
This guide explains practical methods to list users in Linux using commands such as getent, who, compgen, and by reading system files like /etc/passwd.
Quick Reference: List Users in Linux
To list all users in Linux:
getent passwd
To display only usernames:
cut -d: -f1 /etc/passwd
To show currently logged-in users:
who
The following table summarizes the most common commands used to list users in Linux systems.
| Task | Command |
|---|---|
| List all users | getent passwd |
| Display usernames only | cut -d: -f1 /etc/passwd |
| List normal users | awk -F: '$3 >= 1000 {print $1}' /etc/passwd |
| List system users | awk -F: '$3 < 1000 {print $1}' /etc/passwd |
| Count total users | getent passwd | wc -l |
| Check if a user exists | id username |
| Show logged-in users | who |
| Display active sessions | w |
| List usernames currently logged in | users |
| List users in a group | getent group groupname |
| Display groups of a user | groups username |
List All Users on a Linux System
Using getent to list users from NSS databases
The getent command queries the system's Name Service Switch (NSS) databases and retrieves user information from all configured sources.
This includes:
- local users stored in
/etc/passwd - directory users from LDAP or Active Directory
- users managed through centralized authentication systems
To list all users:
getent passwd
The output contains several fields separated by colons:
username:x:UID:GID:comment:home-directory:shell
Example:
john:x:1001:1001:John Doe:/home/john:/bin/bash
Because getent queries NSS, it is considered the most reliable command for listing users, especially in enterprise environments.
Extract usernames from /etc/passwd
The /etc/passwd file stores local user account information. Each line represents one user entry.
To display the contents of the file:
cat /etc/passwd
However, this output contains multiple fields. To display only usernames, extract the first column.
Using the cut command:
cut -d: -f1 /etc/passwd
Example output:
root
daemon
bin
sshd
john
alice
You can also achieve the same result using awk.
awk -F: '{print $1}' /etc/passwd
This method lists only local users and does not include users from LDAP or other directory services.
List users using compgen command
Another way to list users on a Linux system is using the compgen command.
This command is a built-in Bash utility that generates possible command or variable completions.
To list all users known to the shell:
compgen -u
Example output:
root
daemon
bin
john
alice
While this command works well on most systems, it relies on shell information and may not always include directory users from external authentication systems.
Count total number of users on the system
Sometimes administrators only need to know how many user accounts exist on the system.
You can count all users returned by the NSS database.
getent passwd | wc -l
Example output:
54
This indicates the system currently has 54 user accounts configured.
Alternatively, if you want to count only local users:
cat /etc/passwd | wc -l
Display Only Human (Normal) Users
Linux systems contain both system users and normal user accounts. System users are used by services and daemons, while normal users represent human accounts that can log into the system.
Filtering normal users is useful when auditing accounts or managing access permissions.
Filter users based on UID range
Normal users typically have UID values starting from 1000.
To list users with UID greater than or equal to 1000:
awk -F: '$3 >= 1000 {print $1}' /etc/passwd
Example output:
john
alice
developer
This command filters the /etc/passwd file and prints usernames whose UID is greater than or equal to 1000.
Exclude system accounts from /etc/passwd
System accounts usually have UID values below 1000 and are used by system services.
To list only system users:
awk -F: '$3 < 1000 {print $1}' /etc/passwd
Example output:
root
daemon
bin
sys
messagebus
This helps administrators differentiate between service accounts and real users.
Identify login-capable users with shell access
Some accounts exist on the system but cannot log in because their shell is disabled.
Common disabled shells include:
/usr/sbin/nologin
/bin/false
To list users that have interactive login shells:
grep -E '/bin/bash|/bin/sh' /etc/passwd | cut -d: -f1
Example output:
root
john
alice
These accounts typically represent users who can log into the system.
Check Users Currently Logged Into the System
Administrators often need to determine which users are currently active on the system. This can help detect unauthorized access or monitor system usage.
Linux provides several utilities for viewing active user sessions.
Show active sessions using who
The who command displays information about users currently logged into the system.
who
Example output:
john pts/0 2026-03-08 09:15 (192.168.1.10)
alice pts/1 2026-03-08 09:22 (192.168.1.11)
The output shows:
- username
- terminal session
- login time
- source IP address
Display logged-in usernames with users command
The users command prints a simple list of users currently logged in.
users
Example output:
john alice
This command is useful when you only need to see usernames without additional session details.
Monitor user sessions with w command
The w command provides detailed information about logged-in users and their current activities.
w
Example output:
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
john pts/0 192.168.1.10 09:15 2:00 0.03s 0.02s bash
This command shows:
- active users
- login time
- system load
- commands currently being executed
Verify if a Specific User Exists
Before creating or modifying user accounts, administrators often need to check whether a particular user already exists.
Linux provides multiple methods for verifying user accounts.
Check user existence using id command
The id command displays information about a user if the account exists.
id username
Example:
id john
Output:
uid=1001(john) gid=1001(john) groups=1001(john)
If the user does not exist, the command returns an error.
Query user database using getent
You can also verify user existence using the getent command.
getent passwd username
Example:
getent passwd john
If the user exists, the full account entry is displayed.
Search user entries in /etc/passwd
Another method is searching directly inside the /etc/passwd file.
grep username /etc/passwd
Example:
grep john /etc/passwd
If the user exists, the corresponding entry will be displayed.
List Users Belonging to a Group
Display group members using getent group
The getent command can query the system's group database and return information about a specific group.
To display users belonging to a group:
getent group groupname
Example:
getent group sudo
Example output:
sudo:x:27:john,alice,developer
The last field lists all users who belong to that group.
Because getent queries the Name Service Switch (NSS) database, it can retrieve group information from both local files and centralized authentication systems such as LDAP.
Extract users from /etc/group file
Group information is stored in the /etc/group file on Linux systems.
To display the entire group database:
cat /etc/group
Each line contains the following fields:
groupname:x:GID:user1,user2,user3
Example:
sudo:x:27:john,alice
To list all users belonging to a specific group using grep:
grep sudo /etc/group
To extract only the usernames:
grep sudo /etc/group | cut -d: -f4
Check user group membership using groups command
To check which groups a user belongs to, use the groups command.
Example:
groups john
Example output:
john : john sudo developers docker
This command shows all groups associated with the specified user account.
List All Groups Available on a Linux System
Retrieve group database using getent group
The getent command can retrieve all groups from the system databases.
To list all groups:
getent group
Example output:
root:x:0:
daemon:x:1:
sudo:x:27:john
developers:x:1001:alice
This command retrieves groups from:
/etc/group- LDAP directories
- other configured NSS sources
Extract group names from /etc/group
To display only the group names stored locally on the system:
cut -d: -f1 /etc/group
Example output:
root
daemon
sudo
developers
docker
You can also achieve the same result using awk.
awk -F: '{print $1}' /etc/group
Display groups for a specific user
To see which groups a specific user belongs to, use the id command.
Example:
id john
Example output:
uid=1001(john) gid=1001(john) groups=1001(john),27(sudo),1002(developers)
Alternatively, you can use the groups command.
groups john
Identify Users With Login Access
Find users with interactive shells
Users with login access typically have interactive shells such as:
/bin/bash
/bin/sh
/bin/zsh
To list users with interactive shells:
grep -E '/bin/bash|/bin/sh|/bin/zsh' /etc/passwd | cut -d: -f1
Example output:
root
john
alice
These users can typically log into the system using SSH or a local terminal.
Detect disabled login accounts
Some accounts are intentionally disabled and cannot be used for login. These accounts often use shells such as:
/usr/sbin/nologin
/bin/false
To identify accounts with disabled login shells:
grep -E '/usr/sbin/nologin|/bin/false' /etc/passwd | cut -d: -f1
Example output:
daemon
nginx
mysql
These accounts are used by services and cannot log in interactively.
Identify service accounts on a system
Service accounts are created automatically by system packages and services.
These accounts usually:
- have low UID values
- have no home directory
- use disabled login shells
To list potential service accounts:
awk -F: '$3 < 1000 {print $1}' /etc/passwd
Audit Users for Security Checks
Detect suspicious or unknown accounts
You can list all users to review whether any unknown accounts exist.
cut -d: -f1 /etc/passwd
If you notice unfamiliar accounts, investigate their UID, home directory, and login shell.
You can also view detailed account information using:
id username
Find users without home directories
Some accounts may exist without valid home directories, which can indicate misconfiguration or potential security issues.
To identify such users:
awk -F: '{print $1,$6}' /etc/passwd
This command prints usernames along with their configured home directories.
Identify accounts with UID 0 privileges
Any account with UID 0 has root-level privileges.
To detect such accounts:
awk -F: '($3 == 0) {print $1}' /etc/passwd
Example output:
root
If additional accounts appear in this list, they should be reviewed immediately because they have full administrative privileges.
List Users from LDAP or Centralized Authentication
In many enterprise environments, user accounts are not stored locally on the server. Instead, they are managed through centralized identity services such as LDAP, FreeIPA, or Active Directory.
Linux systems access these external user directories through the Name Service Switch (NSS) framework, which allows commands to retrieve user information from multiple sources.
Retrieve LDAP users using getent
The most reliable way to list users from both local and centralized sources is using the getent command.
getent passwd
This command retrieves user entries from all sources configured in /etc/nsswitch.conf, including:
- local user accounts in
/etc/passwd - LDAP directories
- Active Directory
- other NSS-supported authentication providers
Example output:
john:x:1001:1001:John Doe:/home/john:/bin/bash
ldapuser:x:10500:10500:LDAP User:/home/ldapuser:/bin/bash
This makes getent particularly useful when working in environments where authentication is handled by directory services.
Understand NSS integration with LDAP and Active Directory
The Name Service Switch (NSS) defines how Linux retrieves system information such as users, groups, and hostnames.
You can check which sources are configured for user lookups by inspecting the following file:
cat /etc/nsswitch.conf
Look for the passwd entry:
passwd: files ldap
This indicates that Linux will first check the local /etc/passwd file and then query the LDAP server if the user is not found locally.
This integration allows standard commands like id, groups, and getent to work seamlessly with centralized authentication systems.
Differences between local and directory users
Local users and directory users behave similarly but are stored in different locations.
| Feature | Local Users | Directory Users |
|---|---|---|
| Storage location | /etc/passwd | LDAP / Active Directory |
| Authentication source | Local system | Centralized server |
| Availability | Only on that machine | Across multiple systems |
| Example | root, nginx | ldapuser, domainuser |
Directory users typically appear only when queried through commands such as:
getent passwd
Common Tasks for Linux Administrators
List users with home directories
Each user typically has a home directory defined in the /etc/passwd file.
To display usernames along with their home directories:
awk -F: '{print $1,$6}' /etc/passwd
Example output:
root /root
john /home/john
alice /home/alice
This helps administrators verify whether user accounts have valid home directories configured.
Find users with sudo privileges
Users with administrative privileges are often members of the sudo or wheel group.
To list users in the sudo group:
getent group sudo
Example output:
sudo:x:27:john,alice
On some distributions such as CentOS or Rocky Linux, administrative users belong to the wheel group.
getent group wheel
This command helps administrators quickly identify privileged users.
Display last login information
The last command displays historical login information for users.
last
Example output:
john pts/0 192.168.1.10 Fri Mar 8 09:15 still logged in
This allows administrators to review login activity and detect suspicious access attempts.
Check user UID and group IDs
To display detailed information about a user account, use the id command.
id john
Example output:
uid=1001(john) gid=1001(john) groups=1001(john),27(sudo),1002(developers)
This command shows:
- user ID (UID)
- primary group ID (GID)
- all secondary group memberships
Overview of User Accounts in Linux
Types of users in Linux systems
Linux typically categorizes user accounts into three main types.
Root user
The root account is the superuser with full administrative privileges.
id root
The root account always has UID:
0
This account can perform any operation on the system.
System users
System users are accounts created by the operating system or installed services. They run background services and system processes.
Examples include:
daemon
nginx
mysql
System users typically:
- have UID values below 1000
- do not have interactive login shells
To list system users:
awk -F: '$3 < 1000 {print $1}' /etc/passwd
Normal users
Normal users represent human accounts used to log in and interact with the system.
These accounts typically:
- have UID values starting from 1000
- have home directories
- have interactive shells
To list normal users:
awk -F: '$3 >= 1000 {print $1}' /etc/passwd
Difference between system users and normal users
| Feature | System Users | Normal Users |
|---|---|---|
| Purpose | Run services and daemons | Human login accounts |
| UID Range | Usually below 1000 | Usually 1000 or higher |
| Login Access | Usually disabled | Interactive login allowed |
| Home Directory | Often none | Usually /home/username |
Understanding this difference is useful when auditing system accounts.
Where Linux stores user information
Linux stores user account information in several configuration files.
The /etc/passwd file stores basic user account details.
cat /etc/passwd
The /etc/shadow file stores encrypted passwords and password policies.
sudo cat /etc/shadow
The /etc/group file stores group membership information.
cat /etc/group
These files form the foundation of local user management on Linux systems.
Differences Across Linux Distributions
Listing users on Ubuntu and Debian
Ubuntu and Debian use the same user database files and commands as most Linux systems.
Common commands include:
getent passwd
and
cut -d: -f1 /etc/passwd
Administrative users are typically members of the sudo group.
getent group sudo
Listing users on CentOS and Rocky Linux
CentOS, Rocky Linux, and other Red Hat–based distributions also use the same user management files.
However, administrative users are usually members of the wheel group instead of sudo.
getent group wheel
System services often create additional service accounts when software packages are installed.
Behavior differences with LDAP or FreeIPA
In environments using centralized identity systems such as LDAP or FreeIPA, users may not appear directly in /etc/passwd.
Instead, these users are retrieved through NSS queries.
To display both local and directory users:
getent passwd
This command ensures administrators see all available users regardless of where they are stored.
Frequently Asked Questions
1. How do I list all users in Linux?
You can list all users in Linux using the getent passwd command or by extracting usernames from the /etc/passwd file.2. How do I list only normal users in Linux?
Normal users usually have UID 1000 or higher. You can list them using: awk -F: '$3 >= 1000 {print $1}' /etc/passwd.3. How do I see currently logged in users in Linux?
Use the who or users command to see users currently logged into the system.4. How do I check if a specific user exists in Linux?
You can check if a user exists using the id username or getent passwd username command.5. Where are Linux users stored?
Local Linux user accounts are stored in the /etc/passwd file, while authentication information is stored in /etc/shadow.Summary
Listing users in Linux is a common administrative task used for auditing accounts, troubleshooting access issues, and managing permissions. Linux provides several commands and system files that allow administrators to retrieve user information in different ways.
In this guide we explored multiple scenarios for listing users, including retrieving all users from the system database, filtering normal user accounts, checking active sessions, verifying whether a user exists, and identifying users belonging to specific groups.
Key commands covered include:
getent passwd
cut -d: -f1 /etc/passwd
compgen -u
who
users
id
These commands allow administrators to quickly gather user information from both local configuration files and centralized authentication services such as LDAP or Active Directory.
Understanding how Linux stores and retrieves user information is essential for system maintenance, security auditing, and user management across modern Linux distributions.
Official Documentation
For deeper technical details, refer to the official Linux manual pages and documentation.
getent manual page
man getent
Documentation: https://man7.org/linux/man-pages/man1/getent.1.html
id command manual page
man id
Documentation: https://man7.org/linux/man-pages/man1/id.1.html
who command manual page
man who
Documentation: https://man7.org/linux/man-pages/man1/who.1.html
passwd file format documentation
