lslogins

lslogins [options] [username...]

lslogins displays information about known users and groups on a Linux system, combining data from `/etc/passwd`, `/etc/shadow`, `/etc/group`, `lastlog`, `faillog`, and wtmp. It is a more comprehensive replacement for piecing together output from `who`, `last`, `id`, and `getent`.By default it prints a table with one row per user. Output columns and format can be tuned with `-o`, `--raw`, `--json`, `--colon-separate`, and `--export` for scripting.

-a, --acc-expiration

Show last password change and account/password expiration dates.

Separate user records with a colon instead of a newline.

Output in `NAME="value"` shell-sourceable form.

Include data about each user's last failed login.

Show supplementary groups.

Only show users that belong to one of the listed groups (comma-separated).

Show last-login information from `lastlog`.

Only show users whose login name or UID is in the comma-separated list.

Print each field on its own line.

Suppress column headers.

Do not truncate long output columns.

Comma-separated list of columns to display. Use `--help` for the full column list.

Print all available columns.

Show password status information.

Raw, unformatted output.

Show only system accounts (UID below the configured threshold).

Show only non-system user accounts.

Output in JSON.

Show SELinux user context.

`short`, `full`, or `iso` formatting for date columns.

Print version information.

Show help and the list of supported columns.

Some columns (last login, failed login, password expiration) require the calling user to have read access to `/var/log/lastlog`, `/var/log/faillog`, or `/etc/shadow` — typically root. Distributions that do not ship `lastlog`/`faillog` will show empty values for those columns.

lslogins was added to util-linux (upstream by Ondrej Oprala) to consolidate information previously spread across `who`, `last`, `lastlog`, `faillog`, and `getent passwd`.

who(1), last(1), id(1), getent(1), passwd(1)