7 Ways to Check Who’s Logged-On Linux System

As a Linux system administrator, you have to check who is logged in the system before start working in any issues when you have a team members across multiple location.

Because if multiple users are making the changes in the configuration file may create an additional problems.

Also, it doesn’t solve your issues instead creates some additional problem.

So, make sure nobody is currently working on this issue before you start working on it.

To avoid such kind of things, we need to check who’s logged in the system and what they are doing.

It can be done in many ways. We will show you, how to check this in Linux system.

It prevents your system from unwanted damage. Also, saves your time.

Most of the Linux admins use w command to get the live users list but there are many utilities are available in Linux to get the same information with additional options.

Suggested Read : How To Track Successful And Failed Login Attempts In Linux

In this article, we are going to show you, how to check who’s currently logged-in your Linux system using different methods.

Knowing more than one methods may help you in some point of time. So, don’t hesitate to check the possible options.

Method-1: w Command

w command shows who’s logged on and what they are doing. It displays information about current users on the machine by reading the file /var/run/utmp, and their processes /proc.

w command output comes with header which displays system activity such as current time, system up time, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

w command contains the following values login user name, tty number, remote host, user’s login time, idle time, JCPU (time used by all processes attached to the tty), PCPU (time used by the current process), and what command user performing currently.

# w
 17:13:34 up  1:52,  1 user,  load average: 0.11, 0.18, 0.15
USER     TTY      FROM              [email protected]   IDLE   JCPU   PCPU WHAT
root     pts/0    203.99.204.108    15:22    6.00s  0.18s  0.00s w

Method-2: who Command

who command shows information about users who are currently logged in. It uses /var/run/utmp & /var/log/wtmp files to get the details.

  • /var/run/utmp: It contains information about the users who are currently logged onto the system. Who command is used to fetch the information from the file.
  • /var/log/wtmp: It contains historical utmp. It keeps the users login and logout history. The last command uses this file to display the information.

who command output contains the following values such as login user name, tty number, date & time, and remote host.

# who
root     pts/0        2017-05-31 15:22 (203.99.204.108)

Method-3: whoami Command

id command shows user and group information for the specified username. But we can check the current logged in user by adding -un options with id command.

# whoami
root

Also, when you use whoami with space (who am i) that will give you a different output. It’s giving more details compared with whoami.

$ who am i
daygeek  pts/1        2019-06-17 22:01 (192.168.1.6)

id command Print user and group information for the specified username but we can add -un options with id command to get current logged in users.

# id -un
root

Method-4: users Command

users command prints the usernames of users currently logged in to the current host. It uses /var/run/utmp & /var/log/wtmp files to get the details.

# users
root

Method-5: last Command

last command show list of last logged in users by searching the data from /var/log/wtmp file. Also it shows system reboot information.

last command output contains login user name, tty number, remote host, date, login time, logout time, and total duration (working time).

# last
root     pts/0        203.99.204.108 Wed May 31 15:22   still logged in
reboot   system boot  3.5.0-54-generic Wed May 31 15:20 - 17:57  (02:37)

Method-6: finger Command

Finger is a utility, which allows users to see the information about system users (login name, home directory, name, how long they’ve been logged in to the system, etc.).

Finger utility available in all major Linux distribution and doesn’t installed by default. Use distribution package manager to install finger on your system.

$ finger
Login     Name       Tty      Idle  Login Time   Office     Office Phone
magi      daygeek    tty7        7  Jun  1 16:05 (203.99.204.108)

Method-7: Manual Way

Last but not least, we can get the list of logged in users on Linux machine with manual way by using less command or more command or head command or tail command with followed by the log file location.

User authentication logs are located @ /var/log/secure for RHEL based systems & /var/log/auth.log for Debian based systems.

$ head -5 /var/log/auth.log
Jun  1 16:05:01 daygeek CRON[1944]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  1 16:05:01 daygeek CRON[1944]: pam_unix(cron:session): session closed for user root
Jun  1 16:05:44 daygeek lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Jun  1 16:05:44 daygeek lightdm: pam_unix(lightdm:session): session opened for user magi by (uid=0)
Jun  1 16:05:44 daygeek systemd: pam_unix(systemd-user:session): session opened for user magi by (uid=0)

You may also like...