User Accounts
Advances in technology often bring their own new problems. As soon as computers were able to support multiple users, the need to ring-fence and encapsulate each person’s work from everyone else became apparent. This led to the concept of user accounts. Each user has a named ID and a password. These are the credentials that let them log into their account. Their files are kept in an area that is private to each user.
On a busy system, it is easy to lose sight of which accounts you have created, and which are no longer needed. From a security point of view, it is bad practice to leave user accounts that you no longer need configured and accessible on your computer. You should remove those users.
Even if you don’t have other people using your computer you might have created some accounts just to learn how to do it, or to learn and practice administration processes.
The first step is to list the user accounts that are configured on your computer. That lets you review them and make a judgment call on which can be deleted. There are several methods to list users. No matter which distribution you’re using, these techniques should work for you without needing to install any applications or utilities.
List Users With the cat Command
A list of the configured users is maintained, along with information about each user, in the “/etc/passwd” file. This is a text file that regular users can list to the terminal window. You don’t need to use sudo to look into the “/etc/passwd” file.
We can use the cat command to send the contents of the “/etc/passwd” file to the terminal window. This will list the entire contents of the file. This means you’ll also see the entries for user accounts that are owned by processes and the system, not by people.
There’s a line of dense information reported for each user account.
The information for the user account called “dave” contains these pieces of information, with colons “:” between them.
dave: The name of the user account. Usually the name of the person who owns the account.
x: At one time, this held the password for the account. Nowadays, passwords are stored in the “/etc/shadow” file. The “x” means the password is in that file.
1000: The user ID for this account. All user accounts have a unique numeric ID. Regular user accounts usually start at 1000, with each new account taking the next free ID, such as 1001, 1002, and so on.
1000: The group ID of the default group the user belongs to. In normal circumstances, the default group has the same value as the user ID.
dave,,,: A collection of optional extra information about the user. This field contains data with commas “,” between them. They can hold things like the full name of the user, their office number, and their telephone number. The entry for user account “mary” shows her full name is Mary Quinn.
/home/dave: The path to the user’s home folder.
/bin/bash: The default shell for this user.
If we pipe the output from this command through the wc utility and use the -l (lines) option we can count the lines in the file. That’ll give us the number of accounts configured on this computer.
That figure includes the system accounts and users created by applications. There are about 400 regular users configured on this computer. Your result is likely to be a lot less.
With that many accounts, it’s more convenient to use less to view the “/etc/passwd” file.
Using less also allows you to search within the output, should you want to look for a particular user account.
The awk Command
Using the awk command we can display just the username. This can be useful when you’re writing a script that needs to do something to a lot of user accounts. Listing the user account names and redirecting them into a text file can be a great time saver. All you need to do then is copy and paste the rest of the command onto each line.
We’ll tell awk to use the colon “:” as the field separator, and to print the first field. We’ll use the -F (field separator) option.
The user account names are written to the terminal window without any of the other account information.
The cut Command
We can achieve the same sort of thing using the cut command. We need to use the -d (delimiter) option and ask it to select the first field only, using the -f (fields) option.
This lists all of the user accounts, including the system and other non-human accounts.
The compgen Command
The compgen command can be used with the -u (user) option to list the user accounts. We’ll pipe the output through the column command to list the user accounts in columns, instead of one long list with a single user name per line.
Again, the first user accounts listed belong to processes, not humans.
UID_MIN and UID_MAX
User accounts are given a numeric ID, which we saw earlier. Usually, the regular human user accounts start at 1000, and the system, non-human, user accounts start at 0. The ID of the root account is 0.
If we can verify the lowest and highest possible user IDs, we can use that information to select the user accounts that are between those two values. That will let us select only the user accounts belonging to real people.
Linux keeps track of these two values using configuration parameters called UID_MIN and UID_MAX. These are held in the “/etc/login.defs” file. We can easily see these values using grep.
We’re going to use the -E (extended regex) option. Our search string looks for lines that begin with “UID_MIN” or “UID_MAX” in the “/etc/login.defs” file. The caret “^” represents the beginning of a line.
The range for user IDs on this computer is from 1000 to 60,000.
The getent Command
The getent command reads information from system databases. We can tell it to list the entries in the “/etc/passwd” file by using “passwd” as a parameter.
This gives us the same readout we can get using cat. But where getent shines is by accepting values known as “keys.” A key dictates which information getent reports on. If we want to see the entry for a single user, we can pass in their user account name on the command line.
Note that the user account name is case-sensitive.
We can also pass in the upper and lower limits of the user account IDs we want to see. To see absolutely all the regular user accounts, we can use the values from UID_MIN and UID_MAX.
This takes some time to run. Eventually, you’ll be returned to the command prompt.
The reason for the long execution time is that getent tries to find matches for all of the user account values right up to 60000.
Let’s see what the highest user account ID is. We’ll use the cut command, but this time we’ll ask for field three, the user ID field. We’ll pipe the output through sort and use the -g (general numeric sort) option.
The highest ID value of a human-owned user account is 1401.
User ID 65534 is assigned to the system concept of “nobody.”
So we know that instead of using the UID_MAX value of 60000, on this computer we can use a more realistic value like 1500. That’ll speed things up nicely. We’ll also pipe the output through cut to extract just the names of the user accounts.
getent passwd {1000..1500} | cut -d: -f1
The users are listed and we’re returned immediately to the command prompt.
Instead of piping the output through cut, let’s pipe the output through wc and count the lines once more. That’ll give us the number of “real” user accounts.
We can now see that on this computer, definitively, there are 400 configured, human-owned, user accounts.
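The range-based selection described above can also be done in a single pass over the passwd data, so nothing has to be looked up for every ID between UID_MIN and UID_MAX. This is an added example, not part of the original article; the function names login_def and human_accounts and the sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: select human-owned accounts by UID range in one pass.

# Print the value of KEY (UID_MIN or UID_MAX) from a login.defs-style file,
# or DEFAULT when the key is not set. Commented-out settings are skipped
# because their first field is "#KEY" or "#", never KEY itself.
login_def() {
    local key="$1" file="$2" default="$3" value
    value=$(awk -v k="$key" '$1 == k { v = $2 } END { if (v != "") print v }' "$file")
    echo "${value:-$default}"
}

# Print "name uid home shell" for every passwd entry whose UID (field 3)
# lies between UID_MIN and UID_MAX. The shell column shows at a glance
# which accounts can still log in interactively.
human_accounts() {
    local passwd="$1" defs="$2" min max
    min=$(login_def UID_MIN "$defs" 1000)
    max=$(login_def UID_MAX "$defs" 60000)
    awk -F: -v min="$min" -v max="$max" \
        '$3 >= min && $3 <= max { print $1, $3, $6, $7 }' "$passwd"
}

# Constructed sample data so the example runs anywhere. On a real system:
#   human_accounts /etc/passwd /etc/login.defs
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_PASSWD="$SAMPLE_DIR/passwd"
SAMPLE_DEFS="$SAMPLE_DIR/login.defs"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
dave:x:1000:1000:dave,,,:/home/dave:/bin/bash
mary:x:1001:1001:Mary Quinn,,,:/home/mary:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
cat > "$SAMPLE_DEFS" <<'EOF'
# Constructed login.defs excerpt
UID_MIN			 1000
UID_MAX			60000
#SYS_UID_MIN		  100
EOF

human_accounts "$SAMPLE_PASSWD" "$SAMPLE_DEFS"
```

Passing “-” as the first argument makes awk read standard input, so `getent passwd | human_accounts - /etc/login.defs` applies the same filter to accounts from every source the system is configured to enumerate, not just the local file.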
Power and Simplicity
One of these techniques is sure to suit your needs when you need to review the user accounts on a Linux computer. These commands should be present on all distributions, and none of them require sudo access, so they are all available to every user.