lsgroup Command

Purpose

Displays group attributes.

Syntax

lsgroup [ -R load_module ] [ -c | -f ] [ -a List ] {ALL | Group [ ,Group ] ...}

Description

The lsgroup command displays group attributes. You can use this command to list all the system groups and their attributes or you can list all the attributes of individual groups. Since there is no default parameter, you must enter the ALL keyword to list all the system groups and their attributes. All the attributes described in the chgroup command appear. If the lsgroup command cannot read one or more attributes, it lists as much information as possible. To view a selected attribute, use the -a List flag.

Note: If you have a Network Information Service (NIS) database installed on your system, some user information may not appear when you use the lsgroup command.

By default, the lsgroup command lists each group on one line. It displays attribute information as Attribute=Value definitions, each separated by a blank space. To list the group attributes in stanza format, use the -f flag. To list the information in colon-separated records, use the -c flag.

You can use a Web-based System Manager Users application (wsm users fast path) to run this command. You could also use the System Management Interface Tool (SMIT) smit lsgroup fast path to run this command.

Flags

Item Description
-a List Specifies the attributes to display. The List parameter can include any attribute defined in the chgroup command, and requires a blank space between attributes. If you specify an empty list, only the group names are listed.
-c Displays the attributes for each group in colon-separated records, as follows:
#name:  attribute1:  attribute2:  ...
Group:  value1:      value2:      ...
-f Displays the group attributes in stanzas. Each stanza is identified by a group name. Each Attribute=Value pair is listed on a separate line:
group:
      attribute1=value
      attribute2=value
      attribute3=value
-R load_module Specifies the loadable I&A module used to get the group attribute list.

Exit Status

This command returns the following exit values:
Item Description
0 The command runs successfully and all requested changes are made.
>0 An error occurred. The printed error message lists further details about the type of failure.

Security

Access Control: This command should be a general user program with execute (x) access for all users. Attributes are read with the access rights of the invoker, so all users may not be able to access all the information. This depends on the access policy of your system. This command should have the trusted computing base attribute.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX® Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Files Accessed:

Mode File
r /etc/group
r /etc/security/group
r /etc/passwd

Limitations

Listing a group may not be supported by all loadable I&A modules. If the loadable I&A module does not support listing a group, then an error is returned.

Examples

  1. To display the attributes of the finance group in the default format, type:
    lsgroup finance
  2. To display the id, members (users), and administrators (adms) of the finance group in stanza format, type:

    lsgroup  -f  -a id users adms finance

  3. To display the attributes of all the groups in colon-separated format, type:

    lsgroup  -c ALL

    All the attribute information appears, with each attribute separated by a blank space.
  4. To display the attributes of the LDAP I&A loadable module group monsters, type:
    lsgroup -R LDAP monsters

Files

Item Description
/usr/sbin/lsgroup Contains the lsgroup command.
/etc/group Contains the basic attributes of groups.
/etc/security/group Contains the extended attributes of groups.
/etc/passwd Contains user IDs, user names, home directories, login shell, and finger information.