As a system administrator, you may want to know who is on the system at any give point in time. You may also want to know what they are doing. In this article let us review 4 different methods to identify who is on your Linux system.
1. Get the running processes of logged-in user using w
w command is used to show logged-in user names and what they are doing. The information will be read from /var/run/utmp file. The output of the w command contains the following columns:
- Name of the user
- User’s machine number or tty number
- Remote machine address
- User’s Login time
- Idle time (not usable time)
- Time used by all processes attached to the tty (JCPU time)
- Time used by the current process (PCPU time)
- Command currently getting executed by the users
Following options can be used for the w command:
- -h Ignore the header information
- -u Display the load average (uptime output)
- -s Remove the JCPU, PCPU, and login time.
# w 23:04:27 up 29 days, 7:51, 3 users, load average: 0.04, 0.06, 0.02 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT sftpd-user pts/0 dev-db-server 22:57 8.00s 0.05s 0.01s sshd: ramesh [priv] www pts/1 dev-db-server 23:01 2:53 0.01s 0.01s -bash root pts/2 dev-db-server 23:04 0.00s 0.00s 0.00s w # w -h sftpd-user pts/0 dev-db-server 22:57 17:43 2.52s 0.01s sshd: ramesh [priv] www pts/1 dev-db-server 23:01 20:28 0.01s 0.01s -bash root pts/2 dev-db-server 23:04 0.00s 0.03s 0.00s w -h # w -u 23:22:06 up 29 days, 8:08, 3 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT sftpd-user pts/0 dev-db-server 22:57 17:47 2.52s 2.49s top www pts/1 dev-db-server 23:01 20:32 0.01s 0.01s -bash root pts/2 dev-db-server 23:04 0.00s 0.03s 0.00s w -u # w -s 23:22:10 up 29 days, 8:08, 3 users, load average: 0.00, 0.00, 0.00 USER TTY FROM IDLE WHAT sftpd-user pts/0 dev-db-server 17:51 sshd: sftpd-user [priv] www pts/1 dev-db-server 20:36 -bash root pts/2 dev-db-server 1.00s w -s
2. Get the user name and process of logged in user using who and users command
who command is used to get the list of the usernames who are currently logged in. Output of the who command contains the following columns: user name, tty number, date and time, machine address.
# who sftpd-user pts/0 2009-03-28 22:57 (dev-db-server) www pts/1 2009-03-28 23:01 (dev-db-server) root pts/2 2009-03-28 23:04 (dev-db-server)
To get a list of all usernames that are currently logged in, use the following:
# who | cut -d' ' -f1 | sort | uniq root www sftpd-user
Users Command
users command is used to print the user name who are all currently logged in the current host. It is one of the command don’t have any option other than help and version. If the user using, ‘n’ number of terminals, the user name will shown in ‘n’ number of time in the output.
# users root www sftpd-user
3. Get the username you are currently logged in using whoami
whoami command is used to print the loggedin user name.
# whoami root
whoami command gives the same output as id -un as shown below:
# id -un root
who am i command will display the logged-in user name and current tty details. The output of this command contains the following columns: logged-in user name, tty name, current time with date and ip-address from where this users initiated the connection.
# who am i root pts/2 2009-03-28 23:04 (dev-db-server) # who mom likes root pts/2 2009-03-28 23:04 (dev-db-server) Warning: Don't try "who mom hates" command.
Also, if you do su to some other user, this command will give the information about the logged in user name details.
4. Get the user login history at any time
last command will give login history for a specific username. If we don’t give any argument for this command, it will list login history for all users. By default this information will read from /var/log/wtmp file. The output of this command contains the following columns:
- User name
- Tty device number
- Login date and time
- Logout time
- Total working time
# last root root pts/0 dev-db-server Fri Mar 27 22:57 still logged in root pts/0 dev-db-server Fri Mar 27 22:09 - 22:54 (00:45) root pts/0 dev-db-server Wed Mar 25 19:58 - 22:26 (02:28) root pts/1 dev-db-server Mon Mar 16 20:10 - 21:44 (01:33) root pts/0 192.168.201.11 Fri Mar 13 08:35 - 16:46 (08:11) root pts/1 192.168.201.12 Thu Mar 12 09:03 - 09:19 (00:15) root pts/0 dev-db-server Wed Mar 11 20:11 - 20:50 (00:39)