Recently, I received a really interesting question from my customer. He found out in his file system two files (directories), which belong to an user that not in /etc/passwd . Specifically in Ubuntu Linux 18.04, these 2 files are /var/lib/private/systemd /var/lib/private/systemd/timesync These two files belong to a user named systemd-timesync with UID/GID in 62583 and this user does not belong to /etc/passwd . Traditionally, a Linux user does not always need to be in /etc/passwd because it can come from many remote sources, for example LDAP NIS / NIS+ server Windows Domain Controller Server ... All current users, both from /etc/passwd and remote sources, can be queried by getent command [1] $ getent passwd Unfortunately, Our systemd-timesync user does not appear in getent list A quick Google points to an article [2], written by systemd developer - Lennart Poettering , explaining about DynamicUser feature. It turns out that DynamicUser was introduced from sy