
When I start Ubuntu there is a list of users I can click and enter the password for to log in.

How do I get a list of these users?

I tried to get users from the /etc/passwd file by doing this:

cut -d: -f1 /etc/passwd | sort -u

But this list was huge, nothing like the small list that shows up in the initial login screen.

Is there some other command or file I should be checking?

muru
AJJ
  • Log in how? You can run sudo passwd -aS to see the status of users, but users may be able to log in via ssh or Kerberos or even connect via VNC. – Panther Oct 04 '17 at 01:41
  • While the answers here work for typical desktop scenarios take care that they have potential flaws as they are based on UID and do not take certain uncommon logins such as ssh and thus may not detect accounts created or modified by crackers. See https://serverfault.com/questions/576071/how-do-you-tell-if-a-user-is-allowed-to-log-in-on-linux – Panther Oct 04 '17 at 14:06

3 Answers


Users created with useradd have a UID of 1000–60000, see

$ grep "^UID_M*" /etc/login.defs
UID_MIN                  1000
UID_MAX                 60000

With this information we can filter /etc/passwd for these users:

$ awk -F: '$3 >= 1000' /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
dessert:x:1000:1000:dessert,,,:/home/dessert:/bin/bash
test:x:1001:1001:test,,,:/home/test:/bin/bash

-F: sets : as the field delimiter and $3 >= 1000 tells awk to just print lines where the third column contains a value equal to or greater than 1000. Now we only want the username and nobody isn't relevant for us, so let's trim the output even more:

$ awk -F: '$3 >= 1000 && $1 != "nobody" {print $1}' /etc/passwd
dessert
test

Now we also (&&) test for the first column to not be (!=) the string nobody and only print the first column (print $1).

dessert
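The UID filter from the answer above, extended as an added example (not code from the answer's author): it reads UID_MIN and UID_MAX from login.defs instead of hard-coding 1000, and flags what a UID-only filter hides, as Panther's comment warns, such as a second UID 0 account or an out-of-range account with a login shell. The function names, output labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort passwd entries by the UID range that login.defs defines.

# audit_logins PASSWD_FILE LOGIN_DEFS_FILE  (function name is hypothetical)
audit_logins() {
    # Take UID_MIN/UID_MAX from login.defs; fall back to the values in the answer.
    min=$(awk '$1 == "UID_MIN" {print $2}' "$2")
    max=$(awk '$1 == "UID_MAX" {print $2}' "$2")
    awk -F: -v min="${min:-1000}" -v max="${max:-60000}" '
        /^#/ || NF < 7          { next }   # comment or malformed entry
        $7 ~ /(nologin|false)$/ { next }   # shell that refuses interactive logins
        $3 >= min && $3 <= max  { print "user " $1; next }
        $1 == "root"            { next }   # the expected UID 0 account
        $3 == 0                 { print "review-uid0 " $1; next }
        $7 ~ /sh$/ || $7 == ""  { print "review-shell " $1 }  # empty shell means /bin/sh
    ' "$1"
}

# Constructed sample data, not taken from a real system.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/login.defs" <<'EOF'
# constructed excerpt
UID_MIN                  1000
UID_MAX                 60000
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libvirt-qemu:x:64055:108:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
dessert:x:1000:1000:dessert,,,:/home/dessert:/bin/bash
test:x:1001:1001:test,,,:/home/test:/bin/bash
backup2:x:0:0::/root:/bin/bash
svc-old:x:998:998::/var/lib/svc-old:/bin/sh
imported:x:64100:64100::/home/imported:/bin/bash
EOF
    audit_logins "$dir/passwd" "$dir/login.defs"
    rm -rf "$dir"
}

demo
```

On a real system, call `audit_logins /etc/passwd /etc/login.defs`; any `review-` line is an account to check by hand, not proof of compromise.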

Loginable users must have a valid hashed password. Look at the second field (delimited by colons :) in the /etc/shadow file and the hashes are big, 60+ characters. The fields with just an * or a ! cannot be login users. Amusingly, the uuid check is improperly used on libvirt-qemu (64055 uuid), so it shows up on the login screen, even though it does not have a valid hash, and cannot be used as a login name. Produce the login list with:

sudo egrep -v ":\*:|:\!:" /etc/shadow
ubfan1
  • I get bash: ": unrecognized history modifier when I try this – AJJ Oct 04 '17 at 04:35
  • Also doesn't seem to be fully accurate since I can useradd someone new, not give them a password, and they show up in the login screen but simply have no usable password since they have ! in the /etc/shadow file. Meanwhile "root" has the same password ! and yet does not show up in the login screen. – AJJ Oct 04 '17 at 04:42
  • Sorry, lost a backslash before the !, fixed now. – ubfan1 Oct 04 '17 at 15:15

To get the loginable users we can use the /etc/passwd file, since every user with a UID greater than 499 and that does not match the configuration settings in /etc/lightdm/users.conf will appear on the login screen. Hence this will get these users:

cut -d: -f1-3 /etc/passwd | grep -E ".*:x:[0-9]{4,}" | grep -Ev "nobody"

Or, using more concise awk code as suggested by @dessert:

awk -F: '$3>999&&$1!="nobody" { print $1" "$3 }' /etc/passwd

Awk explanation:

-F:: Use : as the field separator

$3>999&&$1!="nobody": return lines whose 3rd field is greater than 999 and whose 1st field does not match the string nobody

An example is the user nobody, with minimum UID above 500, which is not seen on the login screen since it's listed in /etc/lightdm/users.conf as a user that should not be shown.

dessert
George Udosen