{"id":883,"date":"2016-12-19T15:24:44","date_gmt":"2016-12-19T20:24:44","guid":{"rendered":"http:\/\/easy-admin.ca\/?p=883"},"modified":"2017-01-12T15:38:58","modified_gmt":"2017-01-12T20:38:58","slug":"4-ways-to-identify-who-is-logged-in-on-your-linux-system","status":"publish","type":"post","link":"https:\/\/easy-admin.ca\/index.php\/2016\/12\/19\/4-ways-to-identify-who-is-logged-in-on-your-linux-system\/","title":{"rendered":"4 Ways to Identify Who is Logged-In on Your Linux System"},"content":{"rendered":"<p><a href=\"http:\/\/easy-admin.ca\/my_uploads\/2016\/12\/who-ic-connected.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-919\" src=\"http:\/\/easy-admin.ca\/my_uploads\/2016\/12\/who-ic-connected.jpg\" alt=\"\" width=\"856\" height=\"431\" srcset=\"https:\/\/easy-admin.ca\/wp-content\/uploads\/2016\/12\/who-ic-connected.jpg 856w, https:\/\/easy-admin.ca\/wp-content\/uploads\/2016\/12\/who-ic-connected-300x151.jpg 300w, https:\/\/easy-admin.ca\/wp-content\/uploads\/2016\/12\/who-ic-connected-768x387.jpg 768w\" sizes=\"auto, (max-width: 856px) 100vw, 856px\" \/><\/a><\/p>\n<p>As a system administrator, you may want to know who is on the system at any give point in time. You may also want to know what they are doing. In this article let us review 4 different methods to identify who is on your Linux system.<\/p>\n<h3>1. Get the running processes of logged-in user using w<\/h3>\n<p><strong>w command<\/strong> is used to show logged-in user names and what they are doing. The information will be read from \/var\/run\/utmp file. The output of the w command contains the following columns:<\/p>\n<ul>\n<li>Name of the user<\/li>\n<li>User\u2019s machine number or tty number<\/li>\n<li>Remote machine address<\/li>\n<li>User\u2019s Login time<\/li>\n<li>Idle time (not usable time)<\/li>\n<li>Time used by all processes attached to the tty (JCPU time)<\/li>\n<li>Time used by the current process (PCPU time)<\/li>\n<li>Command currently getting executed by the users<\/li>\n<\/ul>\n<p><code>\u00a0<\/code><br \/>\nFollowing options can be used for the w command:<\/p>\n<ul>\n<li>-h Ignore the header information<\/li>\n<li>-u Display the load average (uptime output)<\/li>\n<li>-s Remove the JCPU, PCPU, and login time.<\/li>\n<\/ul>\n<pre># <strong>w<\/strong>\r\n 23:04:27 up 29 days,  7:51,  3 users,  load average: 0.04, 0.06, 0.02\r\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\r\nsftpd-user   pts\/0    dev-db-server        22:57    8.00s  0.05s  0.01s sshd: ramesh [priv]\r\nwww    pts\/1    dev-db-server        23:01    2:53   0.01s  0.01s -bash\r\nroot     pts\/2    dev-db-server        23:04    0.00s  0.00s  0.00s w\r\n\r\n# <strong>w -h<\/strong>\r\nsftpd-user   pts\/0    dev-db-server        22:57   17:43   2.52s  0.01s sshd: ramesh [priv]\r\nwww    pts\/1    dev-db-server        23:01   20:28   0.01s  0.01s -bash\r\nroot     pts\/2    dev-db-server        23:04    0.00s  0.03s  0.00s w -h\r\n\r\n# <strong>w -u\r\n<\/strong> 23:22:06 up 29 days,  8:08,  3 users,  load average: 0.00, 0.00, 0.00\r\nUSER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT\r\nsftpd-user   pts\/0    dev-db-server        22:57   17:47   2.52s  2.49s top\r\nwww    pts\/1    dev-db-server        23:01   20:32   0.01s  0.01s -bash\r\nroot     pts\/2    dev-db-server        23:04    0.00s  0.03s  0.00s w -u\r\n\r\n# <strong>w -s<\/strong>\r\n 23:22:10 up 29 days,  8:08,  3 users,  load average: 0.00, 0.00, 0.00\r\nUSER         TTY      FROM               IDLE WHAT\r\nsftpd-user   pts\/0    dev-db-server        17:51  sshd: sftpd-user [priv]\r\nwww          pts\/1    dev-db-server        20:36  -bash\r\nroot         pts\/2    dev-db-server         1.00s w -s<\/pre>\n<h3>2. Get the user name and process of logged in user using who and users command<\/h3>\n<p><strong>who command<\/strong> is used to get the list of the usernames who are currently logged in. Output of the who command contains the following columns: user name, tty number, date and time, machine address.<\/p>\n<pre># <strong>who<\/strong>\r\nsftpd-user   pts\/0        2009-03-28 22:57 (dev-db-server)\r\nwww          pts\/1        2009-03-28 23:01 (dev-db-server)\r\nroot         pts\/2        2009-03-28 23:04 (dev-db-server)<\/pre>\n<p>To get a list of all usernames that are currently logged in, use the following:<\/p>\n<pre># <strong>who | cut -d' ' -f1 | sort | uniq<\/strong>\r\nroot\r\nwww\r\nsftpd-user<\/pre>\n<h4>Users Command<\/h4>\n<p><strong>users command<\/strong> is used to print the user name who are all currently logged in the current host. It is one of the command don\u2019t have any option other than help and version. If the user using, \u2018n\u2019 number of terminals, the user name will shown in \u2018n\u2019 number of time in the output.<\/p>\n<pre># <strong>users<\/strong>\r\nroot www sftpd-user<\/pre>\n<h3>3. Get the username you are currently logged in using whoami<\/h3>\n<p><strong>whoami<\/strong> command is used to print the loggedin user name.<\/p>\n<pre># <strong>whoami<\/strong>\r\nroot<\/pre>\n<p><strong>whoami command<\/strong> gives the same output as <strong>id -un<\/strong> as shown below:<\/p>\n<pre># <strong>id -un<\/strong>\r\nroot<\/pre>\n<p><strong>who am i<\/strong> command will display the logged-in user name and current tty details. The output of this command contains the following columns: logged-in user name, tty name, current time with date and ip-address from where this users initiated the connection.<\/p>\n<pre># <strong>who am i<\/strong>\r\nroot     pts\/2        2009-03-28 23:04 (dev-db-server)\r\n\r\n# <strong>who mom likes<\/strong>\r\nroot     pts\/2        2009-03-28 23:04 (dev-db-server)\r\n\r\n<strong>Warning:<\/strong> Don't try \"<strong>who mom hates<\/strong>\" command.<\/pre>\n<p>Also, if you do su to some other user, this command will give the information about the logged in user name details.<\/p>\n<h3>4. Get the user login history at any time<\/h3>\n<p><strong>last command<\/strong> will give login history for a specific username. If we don\u2019t give any argument for this command, it will list login history for all users. By default this information will read from \/var\/log\/wtmp file. The output of this command contains the following columns:<\/p>\n<ul>\n<li>User name<\/li>\n<li>Tty device number<\/li>\n<li>Login date and time<\/li>\n<li>Logout time<\/li>\n<li>Total working time<\/li>\n<\/ul>\n<pre># <strong>last root<\/strong>\r\nroot   pts\/0        dev-db-server   Fri Mar 27 22:57   still logged in\r\nroot   pts\/0        dev-db-server   Fri Mar 27 22:09 - 22:54  (00:45)\r\nroot   pts\/0        dev-db-server   Wed Mar 25 19:58 - 22:26  (02:28)\r\nroot   pts\/1        dev-db-server   Mon Mar 16 20:10 - 21:44  (01:33)\r\nroot   pts\/0        192.168.201.11  Fri Mar 13 08:35 - 16:46  (08:11)\r\nroot   pts\/1        192.168.201.12  Thu Mar 12 09:03 - 09:19  (00:15)\r\nroot   pts\/0        dev-db-server   Wed Mar 11 20:11 - 20:50  (00:39)<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>As a system administrator, you may want to know who is on the system at any give point in time. You may also want to know what they are doing. In this article let us review 4 different methods to identify who is on your Linux system. 1. Get the running processes of logged-in user &hellip; <a href=\"https:\/\/easy-admin.ca\/index.php\/2016\/12\/19\/4-ways-to-identify-who-is-logged-in-on-your-linux-system\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">4 Ways to Identify Who is Logged-In on Your Linux System<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-883","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/comments?post=883"}],"version-history":[{"count":0,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/883\/revisions"}],"wp:attachment":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media?parent=883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/categories?post=883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/tags?post=883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}