lsuser Command

Purpose

Displays user account attributes.

Syntax

lsuser [ -R load_module ] [ -c | -f ] [ -a List ] { ALL | Name [ ,Name ] ... }

Description

The lsuser command displays the user account attributes. You can use this command to list all attributes of all the system users or all the attributes of specific users. Since there is no default parameter, you must enter the ALL keyword to see the attributes of all the users. By default, the lsuser command displays all user attributes. To view selected attributes, use the -a List flag. If one or more attributes cannot be read, the lsuser command lists as much information as possible.

Note: If you have a Network Information Service (NIS) database installed on your system, some user information may not appear when you use the lsuser command.

By default, the lsuser command lists each user's attributes on one line. It displays attribute information as Attribute=Value definitions, each separated by a blank space. To list the user attributes in stanza format, use the -f flag. To list the information as colon-separated records, use the -c flag.

You can use the Users application in Web-based System Manager (wsm) to change user characteristics. You could also use the System Management Interface Tool (SMIT) smit lsusers fast path to run this command.

Flags

Item Description
-a List Lists the attributes to display. The List variable can include any attribute defined in the chuser command and requires a blank space between attributes. If you specify an empty list, only the user names are displayed.
-c Displays the user attributes in colon-separated records, as follows: 
# name:  attribute1:  attribute2:  ... 
  User:  value1:      value2:      ...
-f Displays the output in stanzas, with each stanza identified by a user name. Each Attribute=Value pair is listed on a separate line: 
user:
       attribute1=value
       attribute2=value
       attribute3=value
-R load_module Specifies the loadable I&A module used to display the user account attributes.

Exit Status

This command returns the following exit values:
Item Description
0 The command runs successfully and all requested changes are made.
>0 An error occcured. The printed error message lists further details to the type of failure.

Security

Access Control: This command should be a general user program with execute (x) access for all users. Since the attributes are read with the access rights of the user who invokes the command, some users may not be able to access all the information. This command should have the trusted computing base attribute.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX® Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
To get the full functionality of the command, besides the accessauths, the role should also have the aix.security.user.audit authorization.

On a Trusted AIX system, only users with authorization aix.mls.clear.read can list clearance attributes of other users. See Trusted AIX in the AIX Version 7.1 Security for more information.

Files Accessed:

Mode File
r /etc/passwd
r /etc/security/user
r /etc/security/user.roles
r /etc/security/limits
r /etc/security/environ
r /etc/group
r /etc/security/audit/config
r /etc/security/enc/LabelEncodings

Examples

  1. To display the user id and group-related information about the smith account in stanza form, enter: 
    lsuser -f -a id pgrp groups admgroups smith
    Information similar to the following appears: 
    smith:
   ID=2457
   pgrp=system
   groups=system,finance,staff,accounting
   admgroups=finance,accounting
  2. To display the user id, groups, and home directory of smith in colon format, enter: 
    lsuser -c -a id home groups smith
    Information like the following appears: 
    # name: ID:home:groups
smith:  2457:/home/smith:system,finance,staff,accounting
  3. To display all the attributes of user smith in the default format, enter: 
    lsuser smith
    All the attribute information appears, with each attribute separated by a blank space.
  4. To display all the attributes of all the users, enter: 
    lsuser ALL
    All the attribute information appears, with each attribute separated by a blank space.

Files

Item Description
/usr/sbin/lsuser Contains the lsuser command.
/etc/passwd Contains basic user information.
/etc/security/limits Defines resource quotas and limits for each user.
/etc/security/user Contains the extended attributes of users.
/etc/security/user.roles Contains the administrative role attributes of users.
/etc/security/environ Contains the environment attributes of users.
/etc/group Contains basic group attributes.
/etc/security/audit/config Contains the audit configuration files.
/etc/security/enc/LabelEncodings Contains label definitions for the Trusted AIX system.