Why CentOS User Management Matters
For system administrators working with CentOS (and its RHEL-compatible successors like Rocky Linux and AlmaLinux), user management isn’t just about listing accounts; it’s about enterprise-grade security, compliance, and system integration. Unlike on a generic Linux system, listing users on CentOS requires special attention to:
- SELinux user contexts
- Enterprise authentication methods (LDAP, Kerberos, Active Directory)
- Systemd-related service accounts
- Strict UID/GID conventions for compliance
This guide goes beyond the basic `cat /etc/passwd` command to show you the professional way to audit users in CentOS environments. For basic listing of users, system admins and human users, see Linux list users.
Essential User Listing Commands (With CentOS Context)
1. The CentOS /etc/passwd Structure
```bash
# Query the passwd database through NSS (local files plus any configured directory source)
getent passwd
```
Key Differences from Generic Linux:
- System accounts range from UID 1-200 (not just 1-999)
- Special service accounts like `systemd-network` (UID 192)
- SELinux users appear with `_` prefix (e.g., `_ssh_keys`)
2. Enterprise-Ready User Filtering
```bash
# List only human users (CentOS starts regular UIDs at 1000)
awk -F: '$3 >= 1000 && $3 < 60000 {print $1}' /etc/passwd

# Find service accounts (CentOS-specific range)
awk -F: '$3 >= 1 && $3 < 1000 {print $1}' /etc/passwd
```
Advanced Enterprise User Discovery
1. Listing Domain-Joined Users
```bash
# Check FreeIPA/LDAP integration
ipa user-find

# For Active Directory joined systems:
realm list
# adcli has no user-listing subcommand; resolve a specific account through SSSD instead
id username
```
2. SELinux User Mapping
```bash
# Show SELinux user contexts
semanage user -l

# Find which Linux users map to SELinux users
semanage login -l
```
3. Systemd Service Accounts
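```bash
# List loaded services that run with a systemd dynamic user
# (the pattern is quoted so the shell does not expand it; booleans print as yes/no)
systemctl show --property=Id --property=DynamicUser '*.service' | awk -v RS= '/DynamicUser=yes/'
```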
Security Auditing & Compliance
1. Password Policy Checks
```bash
# Check password aging (CentOS uses chage); run as root to read other users' data
for user in $(cut -d: -f1 /etc/passwd); do
    echo -n "$user: "
    chage -l "$user" | grep "Password expires"
done
```
2. Sudo Privileges Audit
```bash
# CentOS-specific sudoers locations (readable by root only)
sudo grep -r -i "ALL=(ALL)" /etc/sudoers /etc/sudoers.d/
```
3. Last Login Tracking
```bash
# CentOS maintains additional logs in /var/log/secure
grep "Accepted password" /var/log/secure* | awk '{print $9}'
```
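The login tracking above can be turned into a per-source summary. This is an added example, not part of the original guide: the function names `summarize_logins`, `flag_sources` and `sample_log` are hypothetical, and the log lines are constructed. It locates the user and source by token rather than by a fixed field such as `$9`, which only fits "Accepted password" lines.

```shell
#!/bin/sh
# summarize_logins [FILE...]: read /var/log/secure-format sshd lines and print
# "COUNT RESULT METHOD USER SOURCE", highest count first.
summarize_logins() {
    awk '
        $5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") && $8 == "for" {
            # Find "from <ip> port <n>" scanning from the right, so a hostile
            # username containing spaces cannot shift the fields.
            f = 0
            for (i = NF - 2; i > 8; i--)
                if ($i == "from" && $(i + 2) == "port") { f = i; break }
            if (!f) next
            s = ($9 == "invalid" && $10 == "user") ? 11 : 9
            user = (s < f) ? $s : "-"
            for (i = s + 1; i < f; i++) user = user "_" $i
            count[$6 " " $7 " " user " " $(f + 1)]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# flag_sources MIN_FAILED [FILE...]: sources with at least MIN_FAILED failed
# logins; last column is "yes" if that source also had an accepted login.
flag_sources() {
    min=$1; shift
    summarize_logins "$@" | awk -v min="$min" '
        $2 == "Failed"   { failed[$5] += $1 }
        $2 == "Accepted" { ok[$5] = 1 }
        END { for (ip in failed) if (failed[ip] >= min)
                  print ip, failed[ip], ((ip in ok) ? "yes" : "no") }
    ' | sort
}

# sample_log: constructed log lines (documentation addresses, not real events)
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web01 sshd[1201]: Accepted password for alice from 10.0.0.5 port 50022 ssh2
Mar  3 10:16:40 web01 sshd[1207]: Accepted publickey for bob from 10.0.0.6 port 50100 ssh2: RSA SHA256:constructed
Mar  3 10:17:02 web01 sshd[1210]: Failed password for invalid user admin from 203.0.113.9 port 4101 ssh2
Mar  3 10:17:05 web01 sshd[1210]: Failed password for root from 203.0.113.9 port 4101 ssh2
Mar  3 10:17:09 web01 sshd[1210]: Failed password for root from 203.0.113.9 port 4101 ssh2
Mar  3 10:17:30 web01 sshd[1214]: Accepted password for root from 203.0.113.9 port 4102 ssh2
Mar  3 10:18:00 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
EOF
}

sample_log | flag_sources 3
```

On a live host, pass the real files instead of the sample, for example `sudo sh -c '. ./logins.sh; flag_sources 5 /var/log/secure*'` if the block is saved as `logins.sh` (a hypothetical file name).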
Enterprise Tools & Scripts
1. Comprehensive User Report Script
```bash
#!/bin/bash
echo "CENTOS USER AUDIT REPORT - $(date)"
echo "===================================="

# Human accounts and their group memberships (same UID range as the filter above)
echo -e "\n[1] LOCAL USERS"
getent passwd | awk -F: '$3 >= 1000 && $3 < 60000 {print $1}' | while read -r user; do
    echo -n "$user: "
    groups "$user" | cut -d: -f2
done

# Domain membership, if any
echo -e "\n[2] DOMAIN USERS"
realm list 2>/dev/null || echo "Not domain-joined"

echo -e "\n[3] RECENT LOGINS"
last -n 10
```
2. Cockpit Web Interface
```bash
# Enable for GUI management
sudo systemctl enable --now cockpit.socket
```
Conclusion: The CentOS Admin’s Advantage
Unlike generic Linux systems, CentOS provides:
- Tighter integration with enterprise authentication
- Better compliance tracking through SELinux
- More detailed system logging
- Stronger default security policies
Pro Tip: Bookmark this command for daily use:
```bash
sudo ausearch -m USER_LOGIN --interpret   # Audit user logins recorded by auditd
```
This guide gives you the specialized knowledge needed to properly manage users in CentOS environments.
FAQs: CentOS User Management
Q1: How do I list all users in CentOS?
```bash
getent passwd
```
This lists all users on CentOS, including system accounts, local users, and domain users (if integrated with LDAP/Active Directory).
Q2: How to list only regular human users?
```bash
awk -F: '$3 >= 1000 && $3 < 60000 {print $1}' /etc/passwd
```
CentOS typically assigns regular users UIDs starting from 1000.
Q3: How to check if CentOS is joined to a domain?
```bash
realm list
```
This shows Active Directory or FreeIPA domain join status.
Q4: How to list users from FreeIPA/LDAP?
```bash
ipa user-find               # For FreeIPA
getent passwd | grep '@'    # For general LDAP
```
Q5: How to find users with passwordless login?
```bash
sudo grep '^[^:]*::' /etc/shadow
```
Warning: These accounts are security risks in enterprise environments.
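The empty-password check can be combined with the UID ranges from "Enterprise-Ready User Filtering" into one offline audit pass. This is an added example, not part of the original guide: the function names `audit_accounts` and `demo_audit`, the finding labels, and the sample accounts are all constructed for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE: one "FINDING account detail" line per issue.
# UID ranges follow this page: 1-999 service accounts, 1000-59999 human users.
audit_accounts() {
    awk -F: '
        FNR == NR {                                  # first file: passwd format
            uid = $3 + 0
            if (uid == 0 && $1 != "root") { print "EXTRA_UID0", $1, "uid=0" }
            if (uid in owner) {
                print "DUPLICATE_UID", $1, "shares uid=" uid " with " owner[uid]
            } else {
                owner[uid] = $1
            }
            # Service accounts should not carry an interactive shell
            if (uid >= 1 && uid < 1000 && $7 ~ /\/(ba|da|z|k)?sh$/) {
                print "SERVICE_LOGIN_SHELL", $1, "shell=" $7
            }
            next
        }
        $2 == "" { print "EMPTY_PASSWORD", $1, "shadow field 2 is empty" }
    ' "$1" "$2"
}

# demo_audit: run the audit on constructed sample data (not real accounts)
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
svcbackup:x:480:480:backup agent:/var/lib/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:90:7:::
bob::19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

Against a live system, run `audit_accounts /etc/passwd /etc/shadow` as root; it covers local accounts only, not domain users resolved through SSSD.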
Q6: How to check password expiration policies?
```bash
sudo chage -l username              # For specific user
sudo grep ^PASS /etc/login.defs     # Default policies
```
Q7: How to list SELinux user mappings?
```bash
semanage user -l
```
Shows SELinux user types like `staff_u`, `user_u`, etc.
Q8: How to see which Linux users map to SELinux users?
```bash
semanage login -l
```
Critical for troubleshooting access denied errors.
Q9: Why don’t domain users appear in /etc/passwd?
Domain users are managed externally. Use:
```bash
getent passwd    # Shows both local and domain users
id username      # Check if a domain user exists
```
Q10: How to find which users recently logged in?
```bash
last -n 20                                  # Last 20 logins
grep "Accepted password" /var/log/secure*   # Detailed auth logs
```
Q11: How to list systemd dynamic users?
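```bash
# The pattern is quoted so the shell does not expand it; booleans print as yes/no
systemctl show --property=Id --property=DynamicUser '*.service' | awk -v RS= '/DynamicUser=yes/'
```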
These are temporary service accounts that don’t exist in /etc/passwd.
Q12: How to audit sudo privileges?
```bash
sudo -l                                                 # For current user
sudo grep -r "ALL=(ALL)" /etc/sudoers /etc/sudoers.d/   # All privileged users
```
Q13: What’s the proper way to audit users in production?
```bash
sudo ausearch -m USER_LOGIN --interpret | less
```
Uses SELinux audit logs for comprehensive tracking.
Q14: How often should we review user accounts?
- Monthly for compliance (SOX, HIPAA)
- Quarterly for general maintenance
- Immediately after employee termination
Q15: Where are user login attempts logged?
```bash
/var/log/secure           # Primary auth log
/var/log/audit/audit.log  # SELinux audit logs
```
Q16: How is CentOS user management different from regular Linux?
CentOS adds enterprise features like SELinux and LDAP integration. For standard Linux user listing methods, consult our Linux List Users article.