lsuser command

Description

The lsuser command lists the users that are authorized for access. If no display options or operands are specified, this command lists all currently defined users. If no display options are specified, then only the user name is displayed.

Operands

This command optionally takes a user list as an operand. The user list also can be preceded by the -u | --users option.

Options

-A | --attribute attribute=attribute_value[,attribute2=attribute2_value,...]

Specifies a list of attributes as a comma separated list.

Tips:

• If an attribute requires more than one attribute value, enclose such values within quotes and separated by commas. For example, -A attr1="val1,val2",attr2=val3.
• The attributes and attribute values are not locale specific.
• You can use the smcli lsuser -l -v command to list all applicable user properties and associated descriptive information.

-d | --delimiter symbol

Specifies the character or set of characters that separates output data, where symbol is a string of one or more characters.

Tip: If the delimiter contains spaces, enclose it in quotation marks.

The behavior of this option depends on the use of other options in the command, as shown below.

• If you specify this option without the -A | --attribute option, this command separates data fields in a record by a comma followed by a space. Data records are separated by the specified delimiter symbol.
• If you specify this option with the -A | --attribute option, this command separates data fields in a record by the specified delimiter symbol. Data records are separated by a line break.
• If you specify this option with the -F | --format or -l | --long option, the delimiter option is ignored.

-f | --file file

Specifies a standard input pipe or a file that contains a list of users to target. Specify either the fully qualified name of the input file or a dash (-) to indicate that the data is read from the standard input pipe. If specifying a file, ensure that each item in the file is separated by a line break.

-h | -?

Displays the syntax and a brief description of the command.

Tip: If you specify additional options other than -h | -? | --help, the options are ignored.

--help

Displays detailed information about the command, including the syntax, a description of the command, a description of the options and operands, error codes, and examples.

Tips:

• If you specify additional options other than -h | -? | --help, the options are ignored.
• You can also display detailed help in the form of man pages using the man command_name command.

-l | --long

Specifies that the output is displayed in the following format:

<user>
		attribute1_name: attribute1_value
		attribute2_name: attribute2_value
		attribute3_name: attribute3_value
		attribute4_name: attribute4_value		

Note: When specified with just the -v option, all applicable user properties and their descriptions are listed.

-o | --oid

Specifies that the object ID is displayed in addition to other information.

The -o option can be used with the -l and -A options.

-p | --pipe

Specifies that only the object ID is displayed.

Tips:

• IDs are displayed as hexadecimal values, prefixed with 0x (for example, 0x37).
• When used alone, this option enables the output to be piped to other smcli commands.
• This option cannot be used with the -o | --oid options.
• You can combine this option with the -l | --long and -A | --attribute options.

-r | --roles role1[,role2,...]

Targets the users that are assigned the listed role or roles.

-s | --sort

Sorts the output by the first specified attribute.

Tip: If you specify this option, you must also specify the -A | --attribute option. Otherwise, this option is ignored.

-u | --users user_list

Targets the users specified in a list of user names or object IDS.

Note: If LDAP is configured, both local and LDAP users are shown. Duplicate users are shown as just one. The properties of the duplicate user is a combination of property values from both LDAP and the operating system if this user has never authenticated.

-v | --verbose

Writes verbose messages to standard output.

If this option is not specified, this command suppresses noncritical messages.

-w | –-where string

Targets one or more users based on attribute values specified in a select statement.

-x timeout

Specifies, in seconds, the length of time before a user's SSH session is timed out. Valid values are 0, which specifies no SSH timeout, or any positive integer.

Exit status

• 0: The command was successful.
• 1: A usage error occurred.
• 2: The command or bundle was not found.
• 3: The command was not performed because either authentication failed or you are not authorized to perform the action.
• 10: The file was not found.
• 25: A number-formatting error occurred.
• 27: A specified attribute is not valid.
• 29: The specified locale is not valid or not supported.
• 50: A user was not found.

Examples

1. List all authorized users
   This example illustrates how to list all users who are authorized for access.

   smcli lsuser

2. List all attributes for the users specified in a file

   This example illustrates how to list all attributes for users specified in the /tmp/users file.

   smcli lsuser -l -f /tmp/users

3. List specific attributes for a user

   This example illustrates how to list the value of the AssignedRoles attribute for user "Guest".

   smcli lsuser -A AssignedRoles Guest
   
   Guest: {'role1' applied to 'group1', 'group2'}, {'role2'}

4. List specific attributes and user ID for a user

   This example illustrates how to list the value of the AssignedRoles attribute and the user ID for user "Guest".

   smcli lsuser -o -A AssignedRoles Guest
   
   Guest, 0xffffffffffffffe2: {['role1', 0xffffffffffffffef] applied to 
   ['group1', 0xfffffffffffffe3e], ['group2', 0xfffffffffffffe4e]}, 
   {['role2', 0xfffffffffffffff0] applied to <ALL GROUPS>}