Well, actually I like to play with firewall configurations and I set up unbound and dnscrypt-proxy and I wanted to limit the users that are able to receive dns requests on localhost port 53. I was trying to figure out what user was listening. I haven't tried it yet, but I figure it is _dhcp and _unbound. It didn't work when I limited it to _unbound alone. Maybe I should have said that, but I wanted to generally know where the list was.
On Tue, May 9, 2017 at 1:57 PM andrew fabbro <and...@fabbro.org> wrote:

> Listing all users is trivial - I don't think that's what he's asking.
>
> He's asking "how do I list all *system* users", presumably in a way
> that differentiates them from user accounts in some kind of authoritative
> way.
>
> I don't think there is a way. You could:
>
> - Assume all users < uid 1000 are system users, but that is not hard
> enforced to my knowledge. IIRC the OS will start with 1001 but an admin
> could override that at user creation time.
>
> - Use your preferred programming language or utility to parse out entries
> that begin with _ in /etc/passwd. That won't get non-service-account
> entries like root, bin, etc. Also, I don't think there's a technical
> prohibition to creating a new user account that starts with an underscore.
>
> - Differentiate by groups. i.e., if all your users are in one group, then
> you know who isn't.
>
> I think if your admins don't do stupid things (create user accounts under
> 1000, create accounts starting with _, etc.) then just parsing /etc/passwd
> would likely be the simplest way.
>
> As practical experience, that's what I've done when migrating systems,
> etc. I assume that people play by the rules, so if I need to identify all
> the user accounts (to recreate them on a new system or something), I
> exclude uids under 1000 as a starting point.
>
>
> On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at>
> wrote:
>
>> and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST):
>> > On 05/06/17 14:27, Luke Small wrote:
>> > > Is there a way to determine all users on a system that the users command
>> > > doesn't seem to show? like _x11 and _ntpd
>>
>> users(1) - list current users
>>
>> I'd try ps(1) and get all active users from there.
>>
>> If you are after *all* users (inactive ones as well) you could use
>> "getent(1) passwd" and parse from there.
>>
>> Marcus
>>
>> > What's a user?
>> >
>> > Maybe you want to look at /etc/passwd. The first four lines are
>> >
>> > root:*:0:0:Charlie &:/root:/bin/ksh
>> > daemon:*:1:1:The devil himself:/root:/sbin/nologin
>> > operator:*:2:5:System &:/operator:/sbin/nologin
>> > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
>> >
>> > You can parse that with awk and do stuff. Read about passwd(5) to
>> > understand the format. A login shell of /sbin/nologin means
>> > it isn't interactive. That might get you started?
>> >
>> > --STeve Andre'
>
> --
> andrew fabbro
> and...@fabbro.org
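
The heuristics discussed in this thread (uid below 1000, a leading underscore, a /sbin/nologin shell), combined into one awk pass over passwd(5)-format input. This is an added example, not code posted by anyone in the thread; the function names, the note labels and the last three sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify passwd(5) lines by the heuristics from the thread.

# Constructed sample. The first four lines are the ones quoted in the thread;
# the last three (uids, shells, the _odd account) are made up for illustration.
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
operator:*:2:5:System &:/operator:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
_unbound:*:53:53:Constructed entry:/var/unbound:/sbin/nologin
alice:*:1000:1000:Constructed user:/home/alice:/bin/ksh
_odd:*:1001:1001:Constructed oddity:/home/_odd:/bin/ksh
EOF
}

# classify_accounts CUTOFF < passwd-format input
# Prints one line per account: class name uid note
#   class: "system" if uid < CUTOFF, else "user" (the uid rule is primary)
#   note:  set where the name or shell heuristic disagrees with the uid rule
classify_accounts() {
    awk -F: -v cutoff="$1" '
    /^#/ || NF != 7 { next }               # skip comments and malformed lines
    $3 !~ /^[0-9]+$/ { next }              # uid field must be numeric
    {
        low   = ($3 + 0 < cutoff + 0)      # uid below the cutoff
        under = ($1 ~ /^_/)                # service-account naming convention
        nolog = ($7 ~ /\/nologin$/)        # not an interactive account
        class = low ? "system" : "user"
        note  = "-"
        if (!low && under)      note = "underscore-name-at-user-uid"
        else if (!low && nolog) note = "nologin-shell-at-user-uid"
        else if (low && !nolog && $3 + 0 != 0) note = "login-shell-at-system-uid"
        print class, $1, $3, note
    }'
}

# Demo on the sample; on a live system feed it `getent passwd` instead.
sample_passwd | classify_accounts 1000
```

Lines with a note other than `-` are the cases the thread warns about, where an admin has created an account that breaks the uid or naming convention.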