Linux by itself has no accounts, but each distribution introduces its own. Additionally, different services (daemons) add their own accounts as well. All local accounts can be found in the /etc/passwd file. Common accounts that you will find among various distros include:

  • root—superuser account that can do anything
  • adm—used for diagnostics and monitoring
  • mail—handles email. Used by sendmail and postfix daemons
  • news—used for Usenet news
  • www-data—default website user
  • nobody—assigned by the NFS daemon to a mounted NFS share whose owner is not a local user
  • sshd—used for unprivileged operations by the SSH daemon
  • lp—used for the printer system
  • ftp—used for anonymous FTP access
  • uucp—controls ownership of serial ports

It is possible to add accounts to the root group. It is more likely, however, that accounts get admin privilege by being listed in the /etc/sudoers file. Accounts listed in this file can run commands as root. You can use various commands to find accounts and their privilege level on Linux.

| To Do This Action | Run This Command |
| --- | --- |
| See all local accounts | cat /etc/passwd |
| See all password hashes | sudo cat /etc/shadow |
| Search for a particular account | grep jason /etc/passwd |
| See who has UID 0 (root) | getent passwd 0 |
| See who is in the root group | getent group root |
| See who is in the wheel group (able to run the su command to change to root) | getent group wheel |
| See who is in the adm group (able to monitor the system and read log files) | getent group adm |
| See who is in the admin group (an administrative group in older distributions) | getent group admin |
| See who has the right to run the sudo command | sudo cat /etc/sudoers |
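
The lookups above, combined into an added example that is not from the original text: it reads passwd- and group-format files, reports every account with UID 0 (getent passwd 0 returns only the first match), and lists group members including accounts whose primary GID is that group, which getent group does not show. The function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit privileged accounts from passwd/group-format files.

# Names of all accounts whose UID (3rd passwd field) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1" | LC_ALL=C sort | paste -sd, -
}

# Members of group $3: the member list in the group file ($2) plus every
# account in the passwd file ($1) whose primary GID (4th field) is that group.
group_members() {
    local passwd=$1 group=$2 name=$3 gid
    gid=$(awk -F: -v g="$name" '$1 == g { print $3 }' "$group")
    [ -n "$gid" ] || return 0          # group does not exist: print nothing
    {
        awk -F: -v g="$name" '$1 == g {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i]
        }' "$group"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd"
    } | LC_ALL=C sort -u | paste -sd, -
}

# Constructed sample data (not taken from a real system).
SAMPLE_DIR=$(mktemp -d)
SAMPLE_PASSWD=$SAMPLE_DIR/passwd
SAMPLE_GROUP=$SAMPLE_DIR/group
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
jason:x:1000:1000:Jason:/home/jason:/bin/bash
svc:x:1001:0:service:/srv:/usr/sbin/nologin
EOF
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
adm:x:4:syslog,jason
wheel:x:10:jason
jason:x:1000:
EOF

echo "UID 0: $(uid0_accounts "$SAMPLE_PASSWD")"
for g in root wheel adm admin; do
    echo "$g: $(group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP" "$g")"
done
```

Pointed at /etc/passwd and /etc/group instead of the sample files, the same functions audit the local account files only.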