lsuser Command

Purpose

Displays user account attributes.

Syntax

lsuser [ -R load_module ] [ -c | -C | -f ] [ -a List ] { ALL | Name [ ,Name ] ... }

Description

The lsuser command displays the user account attributes. You can use this command to list all attributes of all the system users or all the attributes of specific users. Since there is no default parameter, you must enter the ALL keyword to see the attributes of all the users. By default, the lsuser command displays all user attributes. To view selected attributes, use the -a List flag. If one or more attributes cannot be read, the lsuser command lists as much information as possible, but does not display empty attributes.

Note: If the domainlessgroups attribute is set in the /etc/secvars.cfg file, the lsuser command lists the merged group from the LDAP module and the LOCAL module, if present.

By default, the lsuser command lists each user's attributes on one line. It displays attribute information as Attribute=Value definitions, each separated by a blank space. To list the user attributes in stanza format, use the -f flag. To list the information as colon-separated records, use the -c or -C flag.

You can use the System Management Interface Tool (SMIT) smit lsusers fast path to run this command.

Flags

Item Description
-a List Lists the attributes to display. The List variable can include any attribute that is defined in the chuser command and requires a blank space between attributes. If you specify an empty list, only the user names are displayed.
-c Displays the user attributes in colon-separated records, as follows:
# name:  attribute1:  attribute2:  ... 
  User:  value1:      value2:      ...
If a value contains a : symbol, the : symbol is prefixed with the #! symbols in the output.
-C Displays the user attributes in colon-separated records that are easier to parse than the output of the -c flag:
#name:attribute1:attribute2: ...
User1:value1:value2: ...
User2:value1:value2: ...
The output is preceded by a comment line that has details about the attribute represented in each colon-separated field. If you also specify the -a flag, the order of the attributes matches the order specified in the -a flag. If you do not have a value for a given attribute, the field is still displayed, but is empty. If a value contains a : symbol, the : symbol is prefixed with the #! symbols in the output. The last field in each entry ends with a newline character rather than a colon.
-f Displays the output in stanzas, with each stanza identified by a user name. Each Attribute=Value pair is listed on a separate line:
user:
       attribute1=value
       attribute2=value
       attribute3=value
-R load_module Specifies the loadable I&A module that is used to display the user account attributes.

If the domainlessgroups attribute is set in the /etc/secvars.cfg file and the -R LDAP command is used, the attribute list is obtained from the LOCAL module. This condition applies if the user exists on the LOCAL module, and does not exist on the LDAP module. This condition also applies to the -R files command.

Exit Status

This command returns the following exit values:
Item Description
0 The command runs successfully and all requested changes are made.
>0 An error occurred. The printed error message lists further details about the type of failure.

Security

Access Control: This command must be a general user program with execute (x) access for all users. Since the attributes are read with the access rights of the user who starts the command, some users might not be able to access all the information. This command must have the trusted computing base attribute.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
To get the full functionality of the command, besides the accessauths, the role must also have the aix.security.user.audit authorization.

On a Trusted AIX® system, only users with authorization aix.mls.clear.read can list clearance attributes of other users. See Trusted AIX in Security for more information.

Files Accessed:

Mode File
r /etc/passwd
r /etc/security/user
r /etc/security/user.roles
r /etc/security/limits
r /etc/security/environ
r /etc/group
r /etc/security/audit/config
r /etc/security/enc/LabelEncodings

Examples

  1. To display the user id and group-related information about the smith account in stanza form, enter the following command:
    lsuser -f -a id pgrp groups admgroups smith
    Information similar to the following is displayed:
    smith:
       ID=2457
       pgrp=system
       groups=system,finance,staff,accounting
       admgroups=finance,accounting
  2. To display the user id, groups, and home directory of smith in colon format, enter the following command:
    lsuser -c -a id home groups smith
    Information similar to the following is displayed:
    # name: ID:home:groups
    smith:  2457:/home/smith:system,finance,staff,accounting
  3. To display all the attributes of user smith in the default format, enter the following command:
    lsuser smith
    All the attribute information is displayed, with each attribute separated by a blank space.
  4. To display all the attributes of all the users, enter the following command:
    lsuser ALL
    All the attribute information is displayed, with each attribute separated by a blank space.
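
The -C record format described under Flags can be parsed as follows for an account review. This is an added example, not part of the original documentation: the function names, the sample output, and the check for non-root accounts with id 0 are assumptions made for illustration.

```python
import re

# Constructed sample of `lsuser -C -a id home groups ALL` output (not captured
# from a real system). The home value for "batch" contains a literal colon,
# which the command emits as "#!:".
SAMPLE = """\
#name:id:home:groups
root:0:/:system,bin,sys
smith:2457:/home/smith:system,finance,staff,accounting
batch:0:/data/jobs#!:archive:staff
guest:100::
"""

# A field separator is a colon that is NOT preceded by the "#!" escape prefix.
_SEP = re.compile(r"(?<!#!):")

def parse_lsuser_C(text):
    """Return a list of {attribute: value} dicts from `lsuser -C` output."""
    header, users = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            # Comment line naming the attribute held in each field.
            header = [f.strip() for f in line[1:].split(":")]
            continue
        if header is None:
            raise ValueError("record seen before the '#name:...' comment line")
        # Split on unescaped colons only, then undo the "#!:" escape.
        fields = [f.replace("#!:", ":") for f in _SEP.split(line)]
        if len(fields) != len(header):
            raise ValueError(f"field count mismatch: {line!r}")
        users.append(dict(zip(header, fields)))
    return users

def extra_uid0(users):
    """Names of accounts other than root whose id attribute is 0."""
    return [u["name"] for u in users if u.get("id") == "0" and u["name"] != "root"]

if __name__ == "__main__":
    parsed = parse_lsuser_C(SAMPLE)
    for u in parsed:
        print(u)
    print("non-root accounts with id 0:", extra_uid0(parsed))
```

Splitting on every colon would break the batch record into five fields; the field-count check turns that kind of misparse into an error instead of silently shifted attributes.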

Files

Item Description
/usr/sbin/lsuser Contains the lsuser command.
/etc/passwd Contains basic user information.
/etc/security/limits Defines resource quotas and limits for each user.
/etc/security/user Contains the extended attributes of users.
/etc/security/user.roles Contains the administrative role attributes of users.
/etc/security/environ Contains the environment attributes of users.
/etc/group Contains basic group attributes.
/etc/security/audit/config Contains the audit configuration files.
/etc/security/enc/LabelEncodings Contains label definitions for the Trusted AIX system.