This guide walks you through the quickest ways to pull a full user roster from a Linux system, starting with the classic `cat /etc/passwd` command that reveals every account and its details. It then shows how to filter that data for real human users—those with UIDs 1000 or higher—using either `awk` or a clever `grep`/`cut` combo, keeping the list tidy by excluding system accounts like root or daemon. The article explains why the `getent passwd` command is essential when authentication is backed by external services such as LDAP or NIS, and it offers a quick trick to identify who has sudo privileges by inspecting the sudo or wheel groups in /etc/group. Finally, it advises saving the output to a file for audit purposes so you can compare snapshots before and after system changes.

List All Users on a Linux System: Quick & Easy Steps

Want a straight‑up way to see every user that can log into your machine? This guide shows you how to pull that list from the command line, clean it up if you need, and why each trick matters.

1. List All Users on Linux with cat /etc/passwd

The file /etc/passwd is the ancient ledger where every account lives. Open a terminal and run:

cat /etc/passwd

You’ll see lines like bob:x:1000:1000:Bob:/home/bob:/bin/bash. Each line gives you a username, UID, GID, real name, home directory, and login shell. This is the raw source that all other tools read.

If you’re debugging a login failure or just want to confirm an account’s existence, the passwd file is the first place to check. It contains every user, even system accounts that don’t have passwords.

2. Filter with grep and awk – focus on real human accounts

System users (like root, daemon, or nobody) usually have UIDs below 1000. Most Linux distributions reserve IDs < 1000 for services. To isolate “real” people:

awk -F: '$3 >= 1000 { print $1 }' /etc/passwd

or the shorter grep version:

grep -E '^([^:]+):x:[1-9][0-9]*:' /etc/passwd | cut -d: -f1

When you’re troubleshooting who has access, you only care about user accounts with passwords or SSH keys. Filtering out system users keeps the list tidy.

3. Use getent to honor PAM configurations

Linux can be configured to use other databases (LDAP, NIS) for authentication. The getent command fetches entries from all configured sources:

getent passwd | awk -F: '$3 >= 1000 { print $1 }'

If your system pulls users from an external directory, this is the only way to see them.

A recent update added a corporate LDAP server. After logging in as jane, I realized there were dozens of new accounts that weren’t visible with just /etc/passwd. getent caught them all.

4. Quick trick: cat /etc/group for admin groups

Sometimes you’re more interested in who can sudo or own a group than the raw account list. Check the sudo and wheel groups:

grep '^sudo:' /etc/group | cut -d: -f4

If a user has been added to sudo, they effectively have root access. This is often more relevant than their UID alone.

5. Save the list for later or audit purposes

If you’re auditing or just want to keep a copy, redirect the output:

awk -F: '$3 >= 1000 { print $1 }' /etc/passwd > ~/userlist.txt

Having a snapshot helps when you need to compare before and after a system change—especially useful when you accidentally delete an account during cleanup.

That’s all there is to it. Grab the terminal, copy one of those snippets, and you’ll know exactly who can log into your Linux box at any moment. If you run into unexpected names or empty outputs, double‑check whether PAM or an external directory is involved. Happy hacking!