Linux (and other Unixes) store user information in a file called passwd and the associated passwords in another file called shadow, both located in /etc. Both files are text files and use a : as the field separator.

I currently have the need to sort and filter these files in various ways. This post is mostly so I can look it up later, but if it is useful for others, you’re welcome.

Sort the passwd file by the user id

The user id is stored in the 3rd field of the file and it is numeric:

sort --numeric --field-separator=: --key=3 passwd


Remove computer accounts from passwd and shadow

If the computer is used as the domain controller for a Samba NT4 domain, the files contain entries for all computers in the the domain. These user name for these entries ends in a dollar sign “$”. So we need a regular expression that excludes all these entries.

grep -v "^[^:]*\$:" passwd
grep -v "^[^:]*\$:" shadow


Remove system users from passwd

On a Linux system there are many system accounts that are used for special purposes, e.g. for the web server, email or backup. These accounts have a user id < 1000 (this might be some specialty of Ubuntu Linux). We only want lines where the user id has 4 digits. We also must be sure that these 4 digits are in the user id field, so we have to anchor the regex on the start of the line and skip the name and password (always "x") field.
egrep “[^:]:x:[0-9]{4}:” passwd


(On servers with very many users, there may be user ids with more than 4 digits, but that doesn’t currently concern me.)