7 Ways to Check Who’s Logged-On Linux System
As a Linux system administrator, you have to check who is logged in the system before start working in any issues when you have a team members across multiple location.
Because if multiple users are making the changes in the configuration file may create an additional problems.
Also, it doesn’t solve your issues instead creates some additional problem.
So, make sure nobody is currently working on this issue before you start working on it.
To avoid such kind of things, we need to check who’s logged in the system and what they are doing.
It can be done in many ways. We will show you, how to check this in Linux system.
It prevents your system from unwanted damage. Also, saves your time.
Most of the Linux admins use
w command to get the live users list but there are many utilities are available in Linux to get the same information with additional options.
In this article, we are going to show you, how to check who’s currently logged-in your Linux system using different methods.
Knowing more than one methods may help you in some point of time. So, don’t hesitate to check the possible options.
Method-1: w Command
w command shows who’s logged on and what they are doing. It displays information about current users on the machine by reading the file
/var/run/utmp, and their processes
w command output comes with header which displays system activity such as current time, system up time, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
w command contains the following values login user name, tty number, remote host, user’s login time, idle time, JCPU (time used by all processes attached to the tty), PCPU (time used by the current process), and what command user performing currently.
# w 17:13:34 up 1:52, 1 user, load average: 0.11, 0.18, 0.15 USER TTY FROM [email protected] IDLE JCPU PCPU WHAT root pts/0 188.8.131.52 15:22 6.00s 0.18s 0.00s w
Method-2: who Command
who command shows information about users who are currently logged in. It uses
/var/log/wtmp files to get the details.
/var/run/utmp:It contains information about the users who are currently logged onto the system. Who command is used to fetch the information from the file.
/var/log/wtmp:It contains historical utmp. It keeps the users login and logout history. The last command uses this file to display the information.
who command output contains the following values such as login user name, tty number, date & time, and remote host.
# who root pts/0 2017-05-31 15:22 (184.108.40.206)
Method-3: whoami Command
id command shows user and group information for the specified username. But we can check the current logged in user by adding
-un options with id command.
# whoami root
Also, when you use whoami with space (who am i) that will give you a different output. It’s giving more details compared with whoami.
$ who am i daygeek pts/1 2019-06-17 22:01 (192.168.1.6)
id command Print user and group information for the specified username but we can add
-un options with id command to get current logged in users.
# id -un root
Method-4: users Command
users command prints the usernames of users currently logged in to the current host. It uses
/var/log/wtmp files to get the details.
# users root
Method-5: last Command
last command show list of last logged in users by searching the data from
/var/log/wtmp file. Also it shows system reboot information.
last command output contains login user name, tty number, remote host, date, login time, logout time, and total duration (working time).
# last root pts/0 220.127.116.11 Wed May 31 15:22 still logged in reboot system boot 3.5.0-54-generic Wed May 31 15:20 - 17:57 (02:37)
Method-6: finger Command
Finger is a utility, which allows users to see the information about system users (login name, home directory, name, how long they’ve been logged in to the system, etc.).
Finger utility available in all major Linux distribution and doesn’t installed by default. Use distribution package manager to install finger on your system.
$ finger Login Name Tty Idle Login Time Office Office Phone magi daygeek tty7 7 Jun 1 16:05 (18.104.22.168)
Method-7: Manual Way
Last but not least, we can get the list of logged in users on Linux machine with manual way by using less command or more command or head command or tail command with followed by the log file location.
User authentication logs are located @
/var/log/secure for RHEL based systems &
/var/log/auth.log for Debian based systems.
$ head -5 /var/log/auth.log Jun 1 16:05:01 daygeek CRON: pam_unix(cron:session): session opened for user root by (uid=0) Jun 1 16:05:01 daygeek CRON: pam_unix(cron:session): session closed for user root Jun 1 16:05:44 daygeek lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm Jun 1 16:05:44 daygeek lightdm: pam_unix(lightdm:session): session opened for user magi by (uid=0) Jun 1 16:05:44 daygeek systemd: pam_unix(systemd-user:session): session opened for user magi by (uid=0)