Quick and Dirty: Finding Duplicate UIDS and Usernames in Linux

6a00d83451b31569e20167611e4ac0970b-800wiOk this one is going to be quick and dirty. I have been sitting in Starbucks for about 3 hours now in what at this point is the hardest and most uncomfortable chair in the world. At this point its almost torture.

Anyway, enough about my bottom. Ever had the need to search your /etc/password file for users with duplicate UIDS or duplicate usernames? Want to make sure that no other user, other than root, has a uid of 0? Well then today is your lucky day.

For this test I have added a couple of test users so that we have some results.

The command below is searching for any two users with the same UID, and will return a UID number of any UID that it finds twice.

[root@localhost ~]# getent passwd | cut -d: -f3 | sort -n | uniq -d

As you can see from the example above, the command found two users with the UID of 0. As we all know this is not good. Time to see who as been up to some funny business. Guess what, its was me. I added a user called testuser and manually changes his UID to 0.

Interesting item of note, you cannot just remove this user, as the system thinks that you are trying to remove the root user. First I need to edit /etc/passwd and manually change the user’s uid.

[root@localhost ~]# userdel testuser
userdel: user testuser is currently used by process 1
[root@localhost ~]# vi /etc/passwd
[root@localhost ~]# userdel testuser

Now lets search for any users with duplicated user names

[root@localhost ~]# getent passwd | cut -d: -f1 | sort -n | uniq -d

Sure enough, we find that there are duplicate users with the username testuser1. A quick grep confirms this

[root@localhost ~]# grep testuser1 /etc/passwd

And again, you just cannot delete these users, you must clean them up manually.

[root@localhost ~]# userdel testuser1
Multiple entries named ‘testuser1’ in /etc/passwd. Please fix this with pwck or grpck.
userdel: cannot remove entry ‘testuser1’ from /etc/passwd