Linux supports multiple users and groups, allowing access to be granted to only the resources required. Here’s how to list users, groups, and group membership.
Separating users and groups ensures that different people can’t accidentally interfere with each other’s files and ensures system security by denying access to vital system files.
This article details the various ways to query the users and groups on a computer running a Linux Operating System.
Listing All Users
The /etc/passwd file is a text-file database containing information on all of the users on a Linux system.
It can be viewed using the less command, which outputs a text file’s contents in a paginated manner (The list of users can be quite long).
less /etc/passwd
You can also use the getent command to query the users database for your system:
getent passwd
getent is a tool specifically for querying various text-file databases used in the configuration of a Linux system.
The output of the above will look something like this:
pulse:x:123:128:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin gnome-initial-setup:x:124:65534::/run/gnome-initial-setup/:/bin/false gdm:x:125:130:Gnome Display Manager:/var/lib/gdm3:/bin/false linuxscrew:x:1000:1000:LinuxScrew,,,:/home/linuxscrew:/bin/bash
You will see your user, along with a list of other users on the system – many applications and services will have their own user so that they can be granted permissions only to the system resources they require to operate, maintaining system functionality and security.
Each line in the /etc/passwd file holds the details of a single user. There are several fields, each separated by a : (colon). The values are as follows:
| Value/Position | Meaning |
|---|---|
| 1 | The username for the user. |
| 2 | The password for the user. Usually, blank (noted by an x) as passwords are usually stored in an encrypted format in the /etc/shadow file. |
| 3 | UID (User ID) – the unique numerical identifier for the user. |
| 4 | GID (Primary Group ID) – the ID for the Primary group for the user (see below for more details). Group information is stored in the /etc/group file. |
| 5 | User Info. This field stores extra information about the user, like their full name or contact details, in a comma-separated format. |
| 6 | The users home directory – the path to the directory the user is placed in after login. For normal users, the user should have full permissions for this directory – it’s where they will store their files. |
| 7 | The path to the command line shell the user will use to operate the system. Usually, this is the path to the Bash shell, but there are other shells too. Some users do not require shell access and may have it set to /bin/false or /usr/sbin/nologin. |
Listing Normal Users Only
To view only normal users – that is, users that you have created to log in and operate the computer (as opposed to users created for an application or service), run the following:
eval getent passwd {$(awk '/^UID_MIN/ {print $2}' https://cd.linuxscrew.com/etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' https://cd.linuxscrew.com/etc/login.defs)}
A lot is going on here. Here’s a breakdown:
- eval is a command which will concatenate parameters following it into a single command and execute it
- gentent passwd queries the /etc/passwd file
- awk is a tool for searching for values in text
- Here it’s first used to search the /etc/login.defs file to find out the range of numerical IDs which are assigned to normal users 0 defined by the UID_MIN and UID_MAX values in that file
- It is then used to search the output from getent passwd for only users who have an ID in the above range.
As this lists only normal users, the output is limited to the below on my machine:
linuxscrew:x:1000:1000:LinuxScrew,,,:/home/linuxscrew:/bin/bash
See our article explaining the awk command here.
Listing All Groups (And Their Members)
The /etc/group file is (also) a text-file database containing information on all of the groups on a Linux system.
Like the /etc/passwd file, it can be viewed using the less command, which outputs a text file’s contents in a paginated manner (the list of groups can be quite long).
less /etc/group
You can also use the getent command to query the groups database for your system:
getent group
The output to both of the above will look something like this:
colord:x:126: geoclue:x:127: pulse:x:128: pulse-access:x:129: gdm:x:130: lxd:x:131:linuxscrew linuxscrew:x:1000:
As you can see, there are a lot of groups. Many applications and services will have their own unique group so that that service can be granted permission only to access the resources it needs – maintaining system stability and security.
Each line in the /etc/group file represents a single group, with several information fields separated by a : (colon). The values are as follows:
| Value/Position | Meaning |
|---|---|
| 1 | The name of the group |
| 2 | Password for group. Generally not used (noted by a value of x). Can be set to enable privileged groups. |
| 3 | GID (Group ID) – the unique numerical identifier of the group. If the group is the primary group for a user, the GID for the group will appear in the /etc/passwd file. |
| 4 | The list of usernames for the users who are members of the group (unless it’s the users primary group – see below). Usernames are comma-separated. |
Primary and Secondary Groups
Each user will have a single primary group and can also be a member of multiple secondary groups.
Usually, the primary group shares its name with the user and is the default group given permissions to a file created by the user.
The users primary group may not appear in the /etc/group file! It is usually defined in the /etc/passwd file in the GID (Group ID) field.
Listing Groups of a Specific User
To find out what groups you, the current user, are a member of, use the groups command
groups
The groups you are a member of will be listed, separated by spaces.
To find out what groups another user is a member of, run:
groups USERNAME
…where USERNAME is the name of the user you wish to list the groups for. You may need to run this as root or using the sudo command depending on your user permissions.
The ‘id’ Command
There is also the id command – it prints out the information for a user. To find information on the current user, run it:
id
Or, to find information on another user, run:
id USERNAME
The UID (User ID), GID (Primary Group ID), and a list of all of the groups the user is a member of in the format GID(group name) will be output. It will look something like this:
uid=1000(linuxscrew) gid=1000(linuxscrew) groups=1000(linuxscrew),27(sudo)
Check out our other Linux Tips and Bash/Shell tutorials!
