If you just took over a Linux server, one of the first things you will want is a clear roster of who has an account. The good news is that several built-in commands return that list in seconds. This guide covers each method on Ubuntu, Debian, RHEL, Fedora, CentOS, Arch, and almost every other distribution.
Reading /etc/passwd to Linux List Users
Every account on a Linux box has a single line inside /etc/passwd. The fields sit on one row, separated by colons. Display the file with:
cat /etc/passwdA typical line looks like this:
vnstat:x:131:137:vnstat daemon,,,:/var/lib/vnstat:/usr/sbin/nologinHere is what each colon-separated field stores:
| Field | Meaning |
|---|---|
| 1 | Login name (e.g., vnstat) |
| 2 | Password placeholder; the hash sits in /etc/shadow |
| 3 | UID (user ID) |
| 4 | Primary GID |
| 5 | GECOS field — full name or comment |
| 6 | Home directory |
| 7 | Default shell |
Login names should be 1 to 32 characters long. If the shell field reads /usr/sbin/nologin or /sbin/nologin, that account cannot open an interactive session. Check the adduser configuration if you need to know how new accounts get created.
Browsing With a Pager
The passwd file gets long fast on shared servers. Use a pager:
more /etc/passwd
less /etc/passwdGrab only the first or last few lines:
head -5 /etc/passwd
tail -5 /etc/passwdExtracting Only Usernames When You Linux List Users
Most of the time you just want names — no UIDs, no shells. Two short pipelines do the job:
awk -F':' '{ print $1}' /etc/passwdOr with cut:
cut -d: -f1 /etc/passwdBoth print one username per line. No noise, no headers.
Using getent to Linux List Users From Local and Network Sources
The getent utility queries every database the Name Service Switch knows about. That includes /etc/passwd and any networked source like LDAP or NIS:
getent passwdLook up a single account:
getent passwd tomPipe through cut for a clean username list:
getent passwd | cut -d: -f1Count entries:
getent passwd | wc -lIf you only need a flat list of names, compgen is even shorter:
compgen -uChecking Whether a Specific Account Exists
Need to confirm a name before running scripts? A few quick options:
getent passwd vivek
compgen -u | grep vivek
getent passwd | grep -q sai && echo "Account sai exists" || echo "Account sai missing"Many admins pair this check with a grep filter to locate accounts by partial match before changing permissions or sudo rights.
Counting Total Accounts
Two fast ways to get a single number:
compgen -u | wc -l
getent passwd | wc -lSeparating Regular Users From System Accounts
Linux uses UID ranges set in /etc/login.defs. View the boundaries:
grep "^UID_MIN" /etc/login.defs
grep "^UID_MAX" /etc/login.defs| Variable | Default | Purpose |
|---|---|---|
| UID_MIN | 1000 | Lowest UID for regular accounts |
| UID_MAX | 60000 | Highest UID for regular accounts |
Anything between UID_MIN and UID_MAX belongs to a real human account. Print only those entries:
l=$(grep "^UID_MIN" /etc/login.defs)
l1=$(grep "^UID_MAX" /etc/login.defs)
awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" \
'{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwdWant to drop disabled accounts whose shell is /sbin/nologin? Add one condition:
awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" \
'{ if ( $3 >= min && $3 <= max && $7 != "/sbin/nologin" ) print $0 }' /etc/passwdThis trick pairs well with periodic audits. Once you have the filtered list you can pass it to usermod to lock dormant accounts or change shells in bulk.
Checking Who Is Currently Logged In
The w command shows active sessions plus what each user is running right now:
wFor one specific account:
sudo w tomThe who command gives a shorter snapshot, and uptime reports how long the box has been running. Both pull session data from /var/run/utmp. Reviewing active sessions also helps before you kill stale processes tied to a stuck login. If a user’s session refuses to end cleanly, the logout man page explains how utmp and wtmp records get updated.
Cleaning Up After You Linux List Users
Once the list is in front of you, the obvious follow-ups are renaming an account, locking a password, or removing stale entries. The logind configuration controls what happens to a user’s processes when their last session ends — useful when you plan to delete an account that still has background jobs running.
FAQs
What command shows all users on Linux?
Run cat /etc/passwd to print every account, or getent passwd to include networked sources like LDAP. For just the names, use cut -d: -f1 /etc/passwd or compgen -u.
How do I list only human users in Linux?
Filter by UID range. Regular accounts sit between UID_MIN (usually 1000) and UID_MAX (60000). An awk one-liner against /etc/passwd using those bounds returns only real user accounts.
What is the difference between cat /etc/passwd and getent passwd?
cat reads only the local file. getent queries every source defined in /etc/nsswitch.conf, so it picks up LDAP, NIS, and other directory services along with local accounts.
How do I see who is logged in right now?
Use w for a detailed view with running commands, or who for a shorter list. Both pull live session data from /var/run/utmp.
Can I count Linux users with one command?
Yes. Run getent passwd | wc -l for the total, or compgen -u | wc -l as a faster shell-built alternative. Both return a single integer.
