lsgroup Command

Purpose

Displays group attributes.

Syntax

lsgroup [ -R load_module ] [ -c | -C | -f ] [ -a List ] {ALL | Group [ ,Group ] ...}

Description

The lsgroup command displays group attributes. You can use this command to list all the system groups and their attributes or you can list all the attributes of individual groups. Since there is no default parameter, you must enter the ALL keyword to list all the system groups and their attributes. All the attributes that are described in the chgroup command are displayed. If the lsgroup command cannot read one or more attributes, it lists as much information as possible, but does not display empty attributes. To view a selected attribute, use the -a List flag.

Note: If the domainlessgroups attribute is set in the /etc/secvars.cfg file, the lsgroup command lists the users from the LDAP module and the LOCAL module, if present.

By default, the lsgroup command lists each group on one line. It displays attribute information as Attribute=Value definitions, each separated by a blank space. To list the group attributes in stanza format, use the -f flag. To list the information in colon-separated records, use the -c or -C flag.

You can use the System Management Interface Tool (SMIT) smit lsgroup fast path to run this command.

Flags

Item	Description
-a List	Specifies the attributes to display. The List parameter can include any attribute that is defined in the chgroup command, and requires a blank space between attributes. If you specify an empty list, only the group names are listed.
-c	Displays the attributes for each group in colon-separated records, as follows: `#name: attribute1: attribute2: ... Group: value1: value2: ...` If a value contains a `:` symbol, then in the output `:` symbol is prefixed with the `#!` symbols.
-C	Displays the group attributes in colon-separated records that are easier to parse than the output of the -c flag: `#name:attribute1:attribute2: ... Group1:value1:value2: ... Group2:value1:value2: ...` The output is preceded by a comment line that has details about the attribute represented in each colon-separated field. If you also specify the -a flag, the order of the attributes matches the order specified in the -a flag. If you do not have a value for a given attribute, the field is still displayed, but is empty. If a value contains a `:` symbol, then in the output the `:` symbol is prefixed with `#!` symbols. The last field in each entry ends with a newline character rather than a colon.
-f	Displays the group attributes in stanzas. Each stanza is identified by a group name. Each Attribute=Value pair is listed on a separate line: `group: attribute1=value attribute2=value attribute3=value`
-R load_module	Specifies the loadable I&A module that is used to get the group attribute list. If the domainlessgroups attribute is set in the/etc/secvars.cfg file and the -R LDAP command is used, then the attribute list is obtained from the LOCAL module, if the group exists on the LOCAL module, and does not exist on the LDAP module. This condition also applies to the -R files command.

Exit Status

This command returns the following exit values:

Item	Description
0	The command runs successfully and all requested changes are made.
>0	An error occurred. The printed error message lists further details about the type of failure.

Security

Access Control: This command must be a general user program with execute (x) access for all users. Attributes are read with the access rights of the invoker, so all users might not be able to access all the information. This attribute depends on the access policy of your system. This command must have the trusted computing base attribute.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Files Accessed:

Mode	File
r	/etc/group
r	/etc/security/group
r	/etc/passwd

Limitations

Listing a group might not be supported by all loadable I&A modules. If the loadable I&A module does not support listing a group, then an error is returned.

Examples

To display the attributes of the finance group in the default format, enter the following command:
```
lsgroup finance
```
To display the id, members (users), and administrators (adms) of the finance group in stanza format, enter the following command:
lsgroup -f -a id users adms finance
To display the attributes of all the groups in colon-separated format, enter the following command:
lsgroup -c ALL
All the attribute information is displayed, with each attribute separated by a blank space.
To display the attributes of the LDAP I&A loadable module group monsters, enter the following command:
```
lsgroup -R LDAP monsters
```

Files

Item	Description
/usr/sbin/lsgroup	Contains the lsgroup command.
/etc/group	Contains the basic attributes of groups.
/etc/security/group	Contains the extended attributes of groups.
/etc/passwd	Contains user IDs, user names, home directories, login shell, and finger information.