Commands Reference, Volume 3

lsgroup Command

Syntax

lsgroup [ -R load_module ] [ -c | -f ] [ -a List ] {ALL | Group [ ,Group ] ...}

The lsgroup command displays group attributes. You can use this command to list all the system groups and their attributes or you can list all the attributes of individual groups. Since there is no default parameter, you must enter the ALL keyword to list all the system groups and their attributes. All the attributes described in the chgroup command appear. If the lsgroup command cannot read one or more attributes, it lists as much information as possible. To view a selected attribute, use the -a List flag.

Note: If you have a Network Information Service (NIS) database installed on your system, some user information may not appear when you use the lsgroup command.

By default, the lsgroup command lists each group on one line. It displays attribute information as Attribute=Value definitions, each separated by a blank space. To list the group attributes in stanza format, use the -f flag. To list the information in colon-separated records, use the -c flag.

You can use a Web-based System Manager Users application (wsm users fast path) to run this command. You could also use the System Management Interface Tool (SMIT) smit lsgroup fast path to run this command.

Flags

-a List	Specifies the attributes to display. The List parameter can include any attribute defined in the chgroup command, and requires a blank space between attributes. If you specify an empty list, only the group names are listed.
-c	Displays the attributes for each group in colon-separated records, as follows: #name: attribute1: attribute2: ... Group: value1: value2: ...
-f	Displays the group attributes in stanzas. Each stanza is identified by a group name. Each Attribute=Value pair is listed on a separate line: group: attribute1=value attribute2=value attribute3=value
-R load_module	Specifies the loadable I&A module used to get the group attribute list.

Security

Access Control: This command should be a general user program with execute (x) access for all users. Attributes are read with the access rights of the invoker, so all users may not be able to access all the information. This depends on the access policy of your system. This command should have the trusted computing base attribute.

Files Accessed:

Mode	File
r	/etc/group
r	/etc/security/group
r	/etc/passwd

Limitations

Listing a group may not be supported by all loadable I&A modules. If the loadable I&A module does not support listing a group, then an error is returned.

Examples

To display the attributes of the finance group in the default format, type:
```
lsgroup finance
```
To display the id, members (users), and administrators (adms) of the finance group in stanza format, type:
lsgroup -f -a id users adms finance
To display the attributes of all the groups in colon-separated format, type:
lsgroup -c ALL
All the attribute information appears, with each attribute separated by a blank space.
To display the attributes of the LDAP I&A loadable module group monsters, type:
```
lsgroup -R LDAP monsters
```

Files

/usr/sbin/lsgroup	Contains the lsgroup command.
/etc/group	Contains the basic attributes of groups.
/etc/security/group	Contains the extended attributes of groups.
/etc/passwd	Contains user IDs, user names, home directories, login shell, and finger information.

Related Information

The chfn command, chgroup command, chgrpmem command, chsh command, chuser command, lsuser command, mkgroup command, mkuser command, passwd command, pwdadm command, rmgroup command, rmuser command, setgroups command, setsenv command.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.

For information on installing the Web-based System Manager, see Chapter 2: Installation and System Requirements in AIX 5L Version 5.1 Web-based System Manager Administration Guide.