Thursday, September 20, 2012

How To Identify Who is Logged-In on Your Server

As a system administrator, you may want to know who is on the system at any give point in time. You may also want to know what they are doing.

In this article let us review different methods to identify who is on your Linux system.

1. Get the running processes of logged-in user using w

w command is used to show logged-in user names and what they are doing. The information will be read from /var/run/utmp file. The output of the w command contains the following columns:
Name of the user
User’s machine number or tty number
Remote machine address
User’s Login time
Idle time (not usable time)
Time used by all processes attached to the tty (JCPU time)
Time used by the current process (PCPU time)
Command currently getting executed by the users


Following options can be used for the w command:
-h Ignore the header information
-u Display the load average (uptime output)
-s Remove the JCPU, PCPU, and login time.

root@LINUXHOWTO.IN:~# w
 23:39:15 up 21 days,  7:48, 15 users,  load average: 0.00, 0.01, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.10.8.166      21:23    2:16m  0.01s  0.01s -bash
root     pts/1    10.10.9.60       21:45    1:53m  0.00s  0.00s -bash
root     pts/2    10.10.8.31       11Sep12  8days  0.01s  0.01s –bash

root@LINUXHOWTO.IN:~# w -h
root     pts/0    10.10.8.166      21:23    2:17m  0.01s  0.01s -bash
root     pts/1    10.10.9.60       21:45    1:54m  0.00s  0.00s -bash
root     pts/2    10.10.8.31       11Sep12  8days  0.01s  0.01s -bash
root     pts/3    10.10.8.170      21:33    2:00m  0.35s  0.00s /bin/bash /bin/qshell
root     pts/5    10.10.9.4        21:09    2:30m  0.01s  0.01s –bash

root@LINUXHOWTO.IN:~# w -u
 23:40:46 up 21 days,  7:50, 15 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.10.8.166      21:23    2:17m  0.01s  0.01s -bash
root     pts/1    10.10.9.60       21:45    1:55m  0.00s  0.00s -bash
root     pts/2    10.10.8.31       11Sep12  8days  0.01s  0.01s -bash
root     pts/3    10.10.8.170      21:33    2:01m  0.35s  0.00s /bin/bash /bin/qshell
root     pts/5    10.10.9.4        21:09    2:30m  0.01s  0.01s –bash

root@LINUXHOWTO.IN:~# w -s
 23:41:01 up 21 days,  7:50, 15 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM               IDLE WHAT
root     pts/0    10.10.8.166       2:17m -bash
root     pts/1    10.10.9.60        1:55m -bash
root     pts/2    10.10.8.31        8days -bash
root     pts/8    10.10.8.160       1:33m -bash
root     pts/9    10.10.8.192       0.00s w -s



2. Get the user name and process of logged in user using who and users command

who command is used to get the list of the usernames who are currently logged in. Output of the who command contains the following columns: user name, tty number, date and time, machine address.
root@linuxhowto.in:~# who
root     pts/0        2012-09-19 21:23 (10.10.8.166)
root     pts/1        2012-09-19 21:45 (10.10.9.60)
root     pts/2        2012-09-11 12:02 (10.10.8.31)
root     pts/3        2012-09-19 21:33 (10.10.8.170)
root     pts/5        2012-09-19 21:09 (10.10.9.4)

To get a list of all usernames that are currently logged in, use the following:
$ who | cut -d' ' -f1 | sort | uniq

Users Commandusers command is used to print the user name who are all currently logged in the current host. It is one of the command don’t have any option other than help and version. If the user using, ‘n’ number of terminals, the user name will shown in ‘n’ number of time in the output.
$ users
pankaj naveen sandeep

 3. Get the username you are currently logged in using whoami

whoami command is used to print the loggedin user name.$ whoami
pankaj


whoami command gives the same output as id -un as shown below:$ id -un
pankaj


who am i command will display the logged-in user name and current tty details. The output of this command contains the following columns: logged-in user name, tty name, current time with date and ip-address from where this users initiated the connection.$ who am i
pankaj pts/23 2012-09-19 23:47 (10.10.8.192)
$ who mom likes
pankaj pts/23 2012-09-19 23:47 (10.10.8.192)

Warning: Don't try "who mom hates" command.

Also, if you do su to some other user, this command will give the information about the logged in user name details.
Posted by at

3 comments:

  1. AnonymousSeptember 21, 2012 at 9:18 AM

    I liked the “who mom likes” command, I actually did not know about this one. Cool

    I just wanna say i like your blog, and keep posting

    ReplyDelete
  2. PankajSeptember 21, 2012 at 9:20 AM

    “who mom likes” and “who mom hates” are exactly the same as “who am i”. As long as there are two arguments next to who, it will work.

    ReplyDelete
  3. Jeanette CobbMay 21, 2018 at 3:43 PM

    No such reviews on Essay writer can give these amazing hacks for a system administrator. It's pretty cool article, thanks.

    ReplyDelete

Subscribe to: Post Comments (Atom)