Hello,
I am trying to write a relevance expression if a user exists(local or ldap) at unix systems. My expression looks like;
exists users whose (name of it = “user_name”)
this returns if “user_name” is logged in. I am looking for a solution regardless of logged in or not.
The “user” implementation on UNIX was a bit lacking until 9.5 clients as the “user” operator was really equivalent to “current user”
If you look at https://developer.bigfix.com/relevance/reference/user.html#local-user-user you will see the functionality you need - mostly - as this will go through the local users. I’m not sure if LDAP users are included here but definitely local users are.
what should be the correct relevance? I tried belows but do not work. Client version is 9.2.9
exists users whose (name of it = “user_name”)
exists local user "user_name"
exists user “user_name”
By design BigFix tries to limit the inspectors to low-intensity operations. Doing something like LDAP queries on user accounts can have pretty drastic impacts on both your client, and on whatever poor LDAP server is responding to the queries from potentially thousands of clients. So take care with that 
To get what you’re looking for, especially pre-9.5, you’re probably better off using an Action to build a user list at some frequency (maybe once a day), dump that to a text file, and then parse out the text file in an Analysis or relevance query.
All the Action needs to do would be something like getent passwd and dump the output to a file. Then the Analysis would be something like
exists (preceding texts of firsts ":" of lines of file "my_user_list" ) whose (it="user_i_am_looking_for")
Hello,
actually I am considering local users. I am trying to check if a user exists or not. Relevance statements in my above post do not work.
Hello mkenmalm,
I have tried some of the relevance in my own environment which returns the name of local users on that particular system.
I hope this relevance may help you out.
Q: concatenation ", " of names of local users
A: Administrator, Guest
T: 4.881 ms
Q: exists local user "Administrator"
A: True
T: 1.530 ms
I had tested with debug tool, it works as you mentioned. Have you ever tried on a unix machine?
Hi mkemalm,
No, I have tested this on windows systems only.
I can confirm that with a v9.5.2 client, the (names of local users) relevance will tell you everyone that has logged into the server using LDAP credentials. I don’t know how to differentiate between “Local” and “LDAP” access other than when a user is actually logged in. At that time you can use (tty of logged in users) to try and determine how they are logged in.
The names of users inspector still seems to reference only the currently logged in user.