How to show users in Linux

In Linux, regularly reviewing user account information is crucial for system security, regulatory compliance, and resource management. It helps administrators monitor access control, identify privileged accounts, and manage system resources more effectively. This process also helps in detecting unauthorized or inactive accounts, reducing potential security risks, and ensuring the system complies with organizational policies.

As a first step, admins commonly employ the practice of listing or viewing the users to achieve this user account review. This helps them to:

• Declutter users: Over time, numerous user accounts can accumulate, leading to clutter. Listing users helps admins identify unnecessary accounts.
• Ensure security: Dormant users pose a significant security risk. By maintaining an accurate list of Linux users, admins can ensure that only authorized users have access to sensitive systems.
• Facilitate access controls: Proper user management begins with viewing the user landscape. This allows admins to provide users with appropriate access levels, preventing unauthorized accesses.

This article will explain how to show or list users of Linux systems using different commands.

How to list users on a Linux system using commands

Linux systems define users as entities that can interact, operate, and manage the operating system. They define two types of users: regular users and system users. System users are created during installation by the system. They have specific purposes and are not meant for regular user interaction. They are primarily used to run system services and applications. Regular users are created by the system administrators who can access the system and its resources based on the permissions assigned to them. They are further classified into standard and administrator users.

Every Linux system stores each user's information in the /etc/passwd file. Each line in this file represents a user account in the below format:

• Username: The user’s login name.
• Password placeholder: Usually an x, indicating the actual password is stored securely elsewhere, such as in /etc/shadow.
• User ID: A unique identifier assigned to each user.
• Group ID: Identifies the user’s primary group.
• GECOS: This field typically includes the full name or other descriptive information about the user.
• Home Directory: The default directory where the user’s files are stored.
• Login shell: The shell that launches when the user logs in.

The following methods utilize basic Linux commands to list users from the above file.

1. Using the cat command

The cat (short for concatenate) command is a versatile command-line utility used to manipulate files and display their content. One of the ways to view all the users of a Linux system is to utilize cat command to list all the users in /etc/passwd file (which contains user details).

Running this command prints the entire content of the /etc/passwd file. Each line of the output represents a user account. This method is straightforward and provides a complete list of all users, including system accounts that Linux uses to manage various services.

2. Using the cut command

If you’re only interested in seeing the usernames, without the additional details, you can use the cut command to extract the output.

This command uses the colon (:) as a delimiter (-d:) and prints only the first field (-f1), which contains the usernames. The result is a clean list of all usernames on the system.

3. Using the getent command

For a more versatile approach, the getent command can be used to retrieve entries from system databases, including user accounts. This method is particularly useful in environments where user accounts are managed across a network, such as with LDAP.

The getent passwd command provides a list of users similar to the /etc/passwd file, but it includes users from other databases configured on the system, like LDAP or NIS, if they’re in use.

To list a specific user, you can run:

Replace username with the desired username to retrieve details for that specific user. This is especially helpful when you want to verify individual user information across both local and network-managed databases.

How to list logged-in users

In addition to listing all users, it’s often necessary to see which users are currently logged in and active on the system. Linux provides several commands for this purpose.

1. Using the who command

The who command is a simple and effective way to see who is currently logged into the system.

This command displays a list of all users currently logged in, along with details such as the terminal they are using, their login time, and the remote host they connected from, if applicable.

2. Using the w command

For more detailed information about logged-in users, including what they are currently doing, the w command is the tool of choice.

The w command shows all users logged in, along with their activity. It provides additional details such as the processes each user is running, how long they’ve been idle, and resource usage statistics.

3. Using the last command

To see a history of user logins, the last command is particularly useful.

The last command reads from the /var/log/wtmp file, displaying a history of logins and logouts. This includes the usernames, the times they logged in and out, and the duration of their sessions.

How to list information for specific users

Sometimes, you may need to gather detailed information about a particular user, such as their user ID, group memberships, or the groups they belong to.

1. Using the id command

The id command provides a concise summary of a user’s identity, including their user ID, group ID, and group memberships.

Replace username with the name of the user you’re interested in. The command returns the user’s UID, primary GID, and a list of all groups the user is a member of.

2. Using the finger command

The finger command offers a more detailed look at a user’s information, though it may need to be installed on some systems.

Running this command displays detailed information about the user, including their full name, home directory, shell, login times, and more. It’s a helpful tool for quickly getting a complete picture of a user’s account.

3. Viewing user groups with the groups command

To see the groups a specific user belongs to, you can use the groups command.

This command outputs all the groups associated with the user, which is useful for understanding their permissions and access within the system.

How ManageEngine EventLog Analyzer tracks user activities in Linux

ManageEngine EventLog Analyzer is a log management solution designed to centralize and analyze logs from various sources, including Linux systems. It provides a comprehensive solution for tracking user activities, ensuring security, and maintaining compliance. It enhances user management in Linux environments by centralizing log data and offering real-time visibility into user activities, such as logon and logoff events, failed attempts, and resource usage. This monitoring helps administrators detect anomalies like unauthorized access or unusual resource consumption, improving overall security. By providing these insights, EventLog Analyzer allows for proactive responses to potential threats and ensures that user activities are well-tracked.

In addition to security monitoring, EventLog Analyzer helps enforce critical security policies—including password complexity and access controls—to protect Linux systems. It also generates comprehensive audit reports, simplifying the audit process. The intuitive interface and advanced capabilities make it an efficient solution for maintaining a secure, well-monitored Linux environment.

Next steps: