Linux list all users account using the /etc/passwd file
In order to list all users on Linux, use the cat command as follows:
$ cat /etc/passwd
Here is what I see:
Each line in the file has seven fields, separated by colons. For example, consider the following line:
vnstat:x:131:137:vnstat daemon:/var/lib/vnstat:/usr/sbin/nologin
Where,
vnstat – The user name or login name.
x – Placeholder indicating that the encrypted password is stored in the /etc/shadow file.
131 – UID (user ID number)
137 – Primary GID (group ID number)
vnstat daemon – GECOS. It may include the user’s full name (or application name, if the account is for a program), building and room number or contact person, office telephone number, home telephone number and any other contact information.
/var/lib/vnstat – Home directory for the user.
/usr/sbin/nologin – Login shell for the user. Pathnames of valid login shells come from the /etc/shells file.
How to list users in Linux using pagers
Of course, we can use pagers such as the more/less commands to view the /etc/passwd file:
$ more /etc/passwd
$ less /etc/passwd
Sample outputs:
Fig.01: List users using /etc/passwd
Linux list user names only
To list only usernames, type the following awk command:
$ awk -F':' '{ print $1 }' /etc/passwd
Sample outputs:
Another option is to use the cut command:
$ cut -d: -f1 /etc/passwd
Get a list of all users using the getent command
To get a list of all Linux users, you can type the following getent command:
$ getent passwd
$ getent passwd | grep tom
## get a list of all users ##
$ getent passwd | cut -d: -f1
## count all user accounts using the wc ##
$ getent passwd | wc -l
One can use the compgen command on Linux to list users and other resources too:
$ compgen -u
Find out whether a user account exists in the Linux server
We can use the above commands together with the grep command to see whether a user exists on the Linux machine:
A simplified command would be:
How to count user accounts in the Linux server
Want to get a count of the user accounts on your system? Try the wc command as follows:
$ compgen -u | wc -l
$ getent passwd | wc -l
A Note About System and General Users
Each user has a numerical user ID called the UID. It is defined in the /etc/passwd file. The UID for each user is automatically selected using the /etc/login.defs file when you use the useradd command. To see the current value, enter:
$ grep "^UID_MIN" /etc/login.defs
$ grep UID_MIN /etc/login.defs
Sample outputs:
1000 is the minimum value for automatic UID selection in the useradd command. In other words, all normal system users must have UID >= 1000, and only those users are allowed to log in to the system if the shell is bash/csh/tcsh/ksh etc. as defined in the /etc/shells file. Type the following command to list all login users:
To see the maximum value for automatic UID selection in the useradd command, enter:
$ grep "^UID_MAX" /etc/login.defs
Sample outputs:
In other words, all normal system users must have UID >= 1000 (MIN) and UID <= the UID_MAX value (MAX), and only those users are allowed to log in to the system if the shell is bash/csh/tcsh/ksh etc. as defined in the /etc/shells file. Here is an updated code to get details:
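An added example (not the original article's code) of the check just described: it reads UID_MIN and UID_MAX from a login.defs-style file and prints the accounts whose UID falls in that range and whose shell is listed in a shells file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# login_def KEY FILE: print the value of KEY from a login.defs-style file
login_def() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# list_login_users PASSWD LOGIN_DEFS SHELLS: one login-capable user per line
list_login_users() {
    min=$(login_def UID_MIN "$2")
    max=$(login_def UID_MAX "$2")
    [ -n "$min" ] && [ -n "$max" ] || return 1   # refuse to guess the limits
    awk -F: -v min="$min" -v max="$max" '
        NR == FNR {                      # first file: valid login shells
            if ($0 ~ /^\//) ok[$0] = 1   # ignore comments and blank lines
            next
        }
        # second file: passwd entries; field 3 is the UID, field 7 the shell
        $3 + 0 >= min + 0 && $3 + 0 <= max + 0 && ($7 in ok) { print $1 }
    ' "$3" "$1"
}

# Constructed sample data (not taken from a real system)
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
vnstat:x:131:137:vnstat daemon:/var/lib/vnstat:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:1001:1001:Backup job:/home/backup:/usr/sbin/nologin
bob:x:1002:1002:Bob:/home/bob:/bin/zsh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
    printf 'UID_MIN\t\t 1000\nUID_MAX\t\t60000\n' > "$d/login.defs"
    printf '# /etc/shells\n/bin/sh\n/bin/bash\n' > "$d/shells"
    list_login_users "$d/passwd" "$d/login.defs" "$d/shells"
    rm -rf "$d"
}

demo
```

On a live host, pass /etc/passwd, /etc/login.defs and /etc/shells; accounts that come from LDAP or NIS are not in /etc/passwd, so feed the output of getent passwd through a temporary file to include them.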
Chapter 1 Configuring and Managing Local Accounts
This chapter describes how to configure and manage local user and group accounts in Oracle Linux 8.
1.1 About User and Group Configuration
You use the useradd and groupadd commands to add and delete users and groups, as well as to modify settings such as passwords, home directories, login shells, and group membership.
In an enterprise environment that might have hundreds of servers and thousands of users, user and group account information is more likely to be held in a central repository rather than in files on individual servers. You can configure user and group information on a central server and then retrieve this information by using services such as the Lightweight Directory Access Protocol (LDAP) or the Network Information Service (NIS). You can also create home directories on a central server and then automatically mount or access these remote file systems when the user logs in to a system.
1.2 About Files Storing User and Group Information
Unless you select a different authentication mechanism during installation or use the authselect command to create an authentication profile, Oracle Linux verifies a user’s identity by using the information that is stored in the /etc/passwd and /etc/shadow files.
The /etc/passwd file stores account information for each user such as his or her unique user ID (or UID, which is an integer), user name, home directory, and login shell. A user logs in using his or her user name, but the operating system uses the associated UID. When the user logs in, he or she is placed in his or her home directory and his or her login shell runs.
The /etc/group file stores information about groups of users. A user also belongs to one or more groups, and each group can contain one or more users. If you grant access privileges to a group, all members of the group receive the same access privileges. Each group account has a unique group ID (GID, again an integer) and an associated group name.
By default, Oracle Linux implements the user private group (UPG) scheme where adding a user account also creates a corresponding UPG with the same name as the user, and of which the user is the only member.
Only the root user can add, modify, or delete user and group accounts. By default, both users and groups use shadow passwords, which are cryptographically hashed and stored in /etc/shadow and /etc/gshadow respectively. These shadow password files are readable only by the root user. The root user can set a group password that a user must enter to become a member of the group. If a group does not have a password, a user can only join the group if the root user adds that user as a member.
A user can use the newgrp command to log into a new group or to change the current group ID during a login session. If the user has a password, he or she can add group membership on a permanent basis. See the newgrp(1) manual page.
The /etc/login.defs file defines parameters for password aging and related security policies.
For more information about the content of these files, see the group(5), gshadow(5), login.defs(5), passwd(5), and shadow(5) manual pages.
1.3 Changing Default Settings for User Accounts
To display the default settings for a user account, use the following command:
The following output is displayed:
INACTIVE: Specifies after how many days the system locks an account if a user’s password expires. If set to 0, the system locks the account immediately. If set to -1, the system does not lock the account.
SKEL: Defines a template directory, whose contents are copied to a newly created user’s home directory. The contents of this directory should match the default shell defined by SHELL.
You can specify options to useradd -D to change the default settings for user accounts. For example, to change the defaults for INACTIVE, HOME and SHELL:
If you change the default login shell, you would most likely also create a new SKEL template directory that contains contents that are appropriate to the new shell.
If you specify /sbin/nologin for a user’s SHELL, that user cannot log into the system directly but processes can run with that user’s ID. This setting is typically used for services that run as users other than root.
The default settings are stored in the /etc/default/useradd file.
For more information, see Section 1.9, “Configuring Password Ageing” and the useradd(8) manual page.
1.4 Creating User Accounts
To create a user account by using the useradd command:
Create a user account by using the useradd command:
You can specify options to change the account’s settings from the default ones.
By default, if you specify a user name argument but do not specify any options, useradd creates a locked user account using the next available UID and assigns a user private group (UPG) rather than the value defined for GROUP as the user’s group.
Assign a password to the account to unlock it as follows:
The command prompts you to enter a password for the account.
If you want to change the password non-interactively (for example, from a script), use the chpasswd command instead:
Alternatively, you can use the newusers command to create a number of user accounts at the same time.
For more information, see the chpasswd(8), newusers(8), passwd(1), and useradd(8) manual pages.
1.4.1 About umask and the setgid and Restricted Deletion Bits
Users whose primary group is not a UPG have a umask of 0022 set by /etc/profile or /etc/bashrc, which prevents other users, including other members of the primary group, from modifying any file that the user owns.
A user whose primary group is a UPG has a umask of 0002. It is assumed that no other user has the same group.
To grant users in the same group write access to files within the same directory, change the group ownership on the directory to the group, and set the setgid bit on the directory:
Files that are created in such a directory have their group set to that of the directory rather than the primary group of the user who creates the file.
The restricted deletion bit prevents unprivileged users from removing or renaming a file in the directory unless they own either the file or the directory.
To set the restricted deletion bit on a directory:
For more information, see the chmod(1) manual page.
1.5 Locking an Account
To lock a user’s account, use the passwd command with the -l option:
To unlock the account, specify the -u option:
For more information, see the passwd(1) manual page.
1.6 Modifying or Deleting User Accounts
To modify a user account, use the usermod command:
For example, to add a user to a supplementary group (other than his or her login group):
You can use the groups command to display the groups to which a user belongs, for example:
To delete a user’s account, use the userdel command:
For more information, see the groups(1), userdel(8) and usermod(8) manual pages.
1.7 Creating Groups
To create a group by using the groupadd command:
Typically, you might want to use the -g option to specify the group ID (GID). For example:
For more information, see the groupadd(8) manual page.
1.8 Modifying or Deleting Groups
To modify a group, use the groupmod command:
To delete a group, use the groupdel command:
For more information, see the groupdel(8) and groupmod(8) manual pages.
1.9 Configuring Password Ageing
To specify how users’ passwords are aged, edit the following settings in the /etc/login.defs file:
Maximum number of days for which a password can be used before it must be changed. The default value is 99,999 days.
Minimum number of days that is allowed between password changes. The default value is 0 days.
Number of days warning that is given before a password expires. The default value is 7 days.
For more information, see the login.defs(5) manual page.
To change how long a user’s account can be inactive before it is locked, use the usermod command. For example, to set the inactivity period to 30 days:
To change the default inactivity period for new user accounts, use the useradd command:
A value of -1 specifies that user accounts are not locked due to inactivity.
For more information, see the useradd(8) and usermod(8) manual pages.
1.10 Granting sudo Access to Users
By default, an Oracle Linux system is configured so that you cannot log in directly as the root user. You must log in as a named user before using either su or sudo to perform tasks as root. This configuration allows system accounting to trace the original login name of any user who performs a privileged administrative action. If you want to grant certain users authority to be able to perform specific administrative tasks via sudo, use the visudo command to modify the /etc/sudoers file.
For example, the following entry grants the user erin the same privileges as root when using sudo, but defines a limited set of privileges to frank so that he can run commands such as systemctl, rpm, and dnf:
For more information, see the su(1), sudo(8), sudoers(5), and visudo(8) manual pages.
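An added example, not taken from the Oracle documentation: a constructed sudoers fragment for the erin and frank case described above, with a small audit function that lists the users holding an unrestricted ALL rule. The alias names, command paths and function names are assumptions, and the parser handles only plain one-line user rules.

```shell
#!/bin/sh
# write_fragment FILE: constructed sudoers fragment (paths are assumptions)
write_fragment() {
    cat > "$1" <<'EOF'
# Constructed example for the erin/frank case
Cmnd_Alias SERVICES = /usr/bin/systemctl
Cmnd_Alias SOFTWARE = /usr/bin/rpm, /usr/bin/dnf
root   ALL=(ALL)  ALL
erin   ALL=(ALL)  ALL
frank  ALL= SERVICES, SOFTWARE
EOF
}

# full_sudo_users FILE: print users whose rule permits every command.
# Limits: no %group rules, User_Alias expansion, includes or continuations.
full_sudo_users() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blanks
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }      # not user rules
        $1 ~ /^%/ { next }                                # group rules
        {
            user = $1
            rule = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rule)   # drop the user name
            sub(/^[^=]*=[ \t]*/, "", rule)          # drop the host part
            sub(/^\([^)]*\)[ \t]*/, "", rule)       # drop the (runas) part
            sub(/^([A-Z]+:[ \t]*)+/, "", rule)      # drop tags like NOPASSWD:
            n = split(rule, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]+$/, "", cmds[i])
                if (cmds[i] == "ALL") { print user; break }
            }
        }
    ' "$1"
}

# Run the audit over the constructed fragment
demo_sudoers() {
    f=$(mktemp) || return 1
    write_fragment "$f"
    full_sudo_users "$f"
    rm -f "$f"
}

demo_sudoers
```

For the authoritative view of what one user may run, including aliases and included files, use sudo -l -U with the user name as root.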
This topic does not apply to Oracle Cloud Infrastructure or to Oracle Cloud at Customer.
Both compute nodes are provisioned with the following operating system user accounts.
opc: The system administrator account you use to connect to the compute node using SSH. This user can use the sudo command to perform operations that require root-user access.
oracle: The Oracle Database administrator account you use to access the system and perform non-root database administration tasks. A home directory, /home/oracle, is created for this user. This user cannot use the sudo command to perform operations that require root-user access. Additionally, by default you cannot connect as this user to the compute node using SSH. You can add the public key to the user’s $HOME/.ssh/authorized_keys file to grant persistent SSH access, or you can connect as the opc user and then use the sudo -s command to start a root-user command shell, followed by an su - oracle command to switch to the oracle user.
grid: The Oracle Grid Infrastructure administrator account you use to perform ASM, ACFS, and clusterware administration tasks. A home directory, /home/grid, is created for this user. This user cannot use the sudo command to perform operations that require root-user access. Additionally, by default you cannot connect as this user to the compute node using SSH. You can add the public key to the user’s $HOME/.ssh/authorized_keys file to grant persistent SSH access, or you can connect as the opc user and then use the sudo -s command to start a root-user command shell, followed by an su - grid command to switch to the grid user.
root: The root administrator for the system. You do not have direct access to this account. To perform operations that require root-user access, use the sudo command as the opc user.
The following environment variable settings are created for the opc, oracle and grid users.
The home directory of the user, either /home/opc, /home/oracle or /home/grid.
The host name of the compute node:
deployment-name 1 for the first compute node
deployment-name 2 for the second compute node
The system language, en_US.UTF-8.
The default shell, /bin/bash.
The user name, either opc, oracle or grid.
In addition, the PATH variable is also created for all three users, but its value differs (line breaks added to improve clarity):
For the opc user:
For the oracle user:
where db-version is 18.0.0, 12.2.0.1, 12.1.0.2 or 11.2.0.2, depending on which version of Oracle Database was installed.
For the grid user:
In addition, the following environment variable settings are created for the oracle user.
The Oracle Database library directory:
For Oracle Database 18c, /u01/app/oracle/product/18.0.0/dbhome_1/lib
For Oracle Database 12c Release 2, /u01/app/oracle/product/12.2.0.1/dbhome_1/lib
For Oracle Database 12c Release 1, /u01/app/oracle/product/12.1.0.2/dbhome_1/lib
For Oracle Database 11g Release 2, /u01/app/oracle/product/11.2.0.2/dbhome_1/lib
The Oracle Database home directory:
For Oracle Database 18c, /u01/app/oracle/product/18.0.0/dbhome_1
For Oracle Database 12c Release 2, /u01/app/oracle/product/12.2.0.1/dbhome_1
For Oracle Database 12c Release 1, /u01/app/oracle/product/12.1.0.2/dbhome_1
For Oracle Database 11g Release 2, /u01/app/oracle/product/11.2.0.2/dbhome_1
The database system identifier (SID) for the database instance on the compute node:
db-sid 1 for the first compute node
db-sid 2 for the second compute node
where db-sid is the database system identifier (SID) provided as the DB Name (SID) value during the database deployment creation process.
The database system identifier (SID) provided as the DB Name (SID) value during the database deployment creation process.
In addition, the following environment variable settings are created for the grid user.
Set to /u01/app/12.1.0.2/grid/lib.
The Oracle Grid Infrastructure home directory: /u01/app/12.1.0.2/grid.