Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Solutions A small chevron
Device management

Device management

Remotely manage, and protect laptops and mobile devices.

Orchestration

Orchestration

Automate tasks across devices, from app installs to scripts.

Software management

Software management

Inventory, patch, and manage installed software.

Extend Fleet

Extend Fleet

Integrate your favorite tools with Fleet.

Customers A small chevron
Stripe + Fleet

Stripe + Fleet

Stripe consolidates multiple tools with Fleet.

Foursquare + Fleet

Foursquare + Fleet

Foursquare quickly migrates to Fleet for device management.

What people are saying

What people are saying

Stories from the Fleet community.

Pricing
More A small chevron
Try it yourself Get a demo

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

users

click to open the table of contents
macOS logo Windows logo Linux logo ChromeOS logo

users

Local user accounts (including domain accounts that have logged on locally (Windows)).

Column Type Description
description text Optional user description
Only available on macOS, Windows, and Linux
directory text User's home directory
Only available on macOS, Windows, and Linux
email text Email
Only available on chrome
gid bigint Group ID (unsigned)
Only available on macOS, Windows, and Linux
gid_signed bigint Default group ID as int64 signed (Apple)
Only available on macOS, Windows, and Linux
include_remote integer 1 to include remote (LDAP/AD) accounts (default 0). Warning: without any uid/username filtering it may list whole LDAP directories
Not returned in SELECT * FROM users.
Only available on linux
is_hidden integer IsHidden attribute set in OpenDirectory
Only available on macOS
pid_with_namespace integer Pids that contain a namespace
Only available on Linux
shell text User's configured default shell
Only available on macOS, Windows, and Linux
type text Whether the account is roaming (domain), local, or a system profile
Only available on Windows
uid bigint User ID
uid_signed bigint User ID as int64 signed (Apple)
Only available on macOS, Windows, and Linux
username text Username
uuid text User's UUID (Apple) or SID (Windows)

Example

List users that have interactive access via a shell that isn't false.

SELECT * FROM users WHERE shell!='/usr/bin/false';

Notes

Edit page

Questions?

Ask us anything
{{table.title}} evented table