Linux list users: Powerful Ways to Display All Users in the Terminal

When managing a Linux system whether it’s a small VPS or a large production server knowing who the users are is critical. Every user account, from regular human users to system service accounts, has permissions and roles that directly impact the security and stability of the system. For administrators, listing users isn’t just a curiosity it’s a necessity for monitoring, troubleshooting, and securing the server environment.

Linux offers multiple ways to display users, ranging from simple commands that output raw data to advanced utilities that integrate with system libraries. Unlike Windows, which has a centralized graphical interface for user management, Linux is command-line driven, and learning these commands will give you full control and confidence as a sysadmin.

In this guide, we’ll explore different methods to list users in Linux, explain how to interpret the results, and cover common mistakes to avoid. By the end, you’ll not only know how to list all users, but also how to filter, analyze, and secure your user accounts effectively.

Why You Need to List Users in Linux

Listing users is about more than just curiosity—it’s part of system hygiene. Over time, multiple accounts may accumulate on a server: test users, old developers, or even automated service accounts left behind after uninstalled software. Each of these could potentially become a security risk if left unchecked.

By regularly listing and auditing users, administrators can:

• Improve Security: Spot suspicious or unknown accounts.
• Manage Permissions: Ensure users only have the access they truly need.
• Troubleshoot Issues: Identify which users are logged in or running specific processes.
• Maintain Organization: Keep the system clean by removing unused accounts.

Understanding who exists on your system is the first step toward tighter control and reduced risk.

Method 1: Display All Users with /etc/passwd File

The most basic way to see all users on a Linux system is to view the /etc/passwd file. Despite its name, this file doesn’t store passwords anymore (that responsibility moved to /etc/shadow for security). Instead, it contains essential user account details.

Each line in the file represents a user account, and the fields are separated by colons (:). The structure is:

username:x:UID:GID:comment:home_directory:default_shell

• username → The account name
• UID → Unique ID (0 = root, <1000 = system users, ≥1000 = normal users)
• GID → Group ID
• comment → Usually full name or description
• home_directory → Path to user’s home folder
• default_shell → Command shell (like /bin/bash or /usr/sbin/nologin)

This will list every account, including system and service accounts. While useful, the output can be overwhelming, which is why admins often filter it.

Method 2: Using the getent Command

While /etc/passwd works on almost all Linux systems, it has one limitation: it only reads directly from the local file. Modern Linux environments often rely on other sources for authentication, such as LDAP (Lightweight Directory Access Protocol), NIS (Network Information Service), or other centralized authentication databases. In those cases, simply checking /etc/passwd won’t give you the full picture.

That’s where the getent command comes in. getent queries the Name Service Switch (NSS) libraries, which means it can pull user data not only from /etc/passwd, but also from any other authentication sources configured on your system. This makes it more flexible and reliable for both small and enterprise environments.

To list all users using getent:

getent passwd

You can combine getent with filtering tools like cut or awk to extract only what you need (e.g., just usernames). For example:

getent passwd | cut -d: -f1

Method 3: Filtering Only Usernames (with cut and awk)

This will return a clean list of usernames only, which is often what administrators need for audits.When you use cat /etc/passwd or getent passwd, the output contains multiple fields username, UID, GID, home directory, shell, and more. But in many cases, all you really need is a list of usernames. For example, when auditing users, setting permissions, or generating reports, extra details just add noise.

Luckily, Linux provides tools like cut and awk that make it easy to filter the data.

Using cut to List Only Usernames

The cut command allows you to “cut out” specific fields from structured text. Since /etc/passwd uses a colon (:) as a delimiter, we can tell cut to extract just the first field (the username).

cat /etc/passwd | cut -d: -f1

• -d: → sets the delimiter as :
• -f1 → selects the first field (the username)

Using awk to List Only Usernames

awk is more powerful than cut and is often used for text processing. With awk, you can specify a delimiter and print specific fields.

awk -F: '{print $1}' /etc/passwd

• -F: → tells awk that the delimiter is :
• {print $1} → prints the first field, which is the username

This achieves the same result as cut, but awk is more flexible for advanced filtering.

Method 4: Listing Currently Logged-In Users (with who, w, and users)

So far, we’ve looked at commands that display all users configured on the system. But sometimes, as a sysadmin, you don’t need to see every account—you need to know who is currently logged in right now. This is especially useful for:

1. Monitoring active sessions on a multi-user system
2. Checking if unauthorized users are logged in
3. Troubleshooting issues when multiple admins are working on the same server

Linux provides three main commands for this purpose: who, w, and users. Each has its own level of detail.

Using the who Command

The who command displays information about currently logged-in users.

who

Example output:

john     pts/0        2025-09-23 09:12 (192.168.1.10)
mary     pts/1        2025-09-23 09:15 (192.168.1.11)

• john, mary → usernames
• pts/0, pts/1 → terminal sessions
• 2025-09-23 09:12 → login time
• 192.168.1.10 → IP address of the session

This is a straightforward way to see who’s active.

Using the w Command

The w command is like who but provides much more detail.

w

Example output:

10:05:34 up  2:31,  2 users,  load average: 0.12, 0.08, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
john     pts/0    192.168.1.10     09:12    5:12   0.02s  0.01s bash
mary     pts/1    192.168.1.11     09:15    2:03   0.10s  0.03s top

• System uptime and load average at the top.
• Users → who is logged in.
• Login time, idle time → how long they’ve been active.
• WHAT → the exact command they’re running (e.g., bash, top).

This makes w ideal for real-time monitoring of logged-in users.

Using the users Command

The users command is the simplest of the three. It just prints a space-separated list of logged-in usernames.

users

Example output:

john mary

No timestamps, no terminals, just usernames. It’s handy when you just want a quick glance.

Method 5: Checking User Groups and Details (with id and groups)

Knowing which users exist on your system is only half the story. Every user in Linux is associated with one or more groups, which define their permissions and access rights. Groups are fundamental to Linux security because they control:

1. Which files and directories a user can access
2. What commands or services a user can run
3. How collaborative environments (like dev teams) share resources

To check a user’s UID, GID, and group memberships, Linux provides the id and groups commands.

Using the id Command

The id command gives a detailed snapshot of a user’s identity and group memberships.

id john

Example output:

uid=1001(john) gid=1001(john) groups=1001(john),27(sudo),1002(developers)

• uid=1001(john) → John’s User ID (UID) is 1001.
• gid=1001(john) → John’s primary Group ID (GID) is 1001.
• groups=1001(john),27(sudo),1002(developers) → John is also part of the sudo group (admin rights) and the developers group.

This makes id perfect for understanding both the identity and role of a user in the system.

Using the groups Command

The groups command is simpler it only shows which groups a user belongs to.

groups john

Example output:

john : john sudo developers

• The first john → username
• The rest → groups John is a member of

This is handy when you just want a quick view of group memberships without UID/GID details.

Method 6: Reading /etc/group for User Groups

So far, we’ve focused on listing individual users, but in Linux, users are often managed via groups. The /etc/group file contains group definitions and user memberships. By examining this file, you can see which users belong to specific groups, which is vital for permissions and access control.

cat /etc/group

Example output:

sudo:x:27:alice,bob

• Group name: sudo → Defines the group.
• Password placeholder: x → Historically used, now managed via /etc/gshadow.
• GID (Group ID): 27 → Numeric identifier for the group.
• Members: alice,bob → Users assigned to this group.

This outputs the groups the user belongs to, which is critical when debugging permission-related issues.

Conclusion

Listing users in Linux is not just about running a quick command it’s about understanding how the system manages accounts, sessions, and permissions. From the classic /etc/passwd file to modern utilities like getent, and from login tracking with last to group auditing via /etc/group, Linux provides multiple layers of visibility.

Ultimately, the best method depends on your needs: security auditing, troubleshooting, or just exploring who’s on your system. By mastering these commands, you’ll gain deeper control over your Linux environment and ensure smoother system administration.

FAQ