- ICO Warns of Festive Mobile Phone Privacy Snafu
- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
Ways to look at logged in users on Linux
There are quite a few ways on Linux to get a list of the users logged into the system and see what they are doing. The commands described in this article all provide very useful information.
users
The users command displays a simple list of logged-in users. In this example, one user is logged in twice and is, therefore, listed twice.
$ users nemo popeye shs shs
Note that the users are listed in alphabetical order.
who
The who command provides additional information. The login terminal is identified along with the login date and time. The final field displays the terminal or the IP address of the connecting system.
$ who shs tty2 2022-11-12 10:54 (tty2) nemo pts/0 2022-11-15 11:07 (192.168.0.3) shs pts/5 2022-11-15 10:41 (192.168.0.3) popeye pts/2 2022-11-15 11:12 (192.168.0.3)
w
The w command provides even more information on logged-in users. The first line of output shows the current time, how long the system has been up, the number of logged-in users, and the 1-, 5- and 15-minute load averages. This information will give you a quick view of how busy the system is.
The lines following the column headings show usernames, login times, how long the sessions have been idle, the time used by all processes associated with the user’s tty (JCPU), the time used by the current process for the user’s terminal (PCPU), and the command being run. If the session is currently idle, you will simply see the shell that is in use (e.g., -bash).
The w command provides a quick view of how heavily the system is being used and where most of the activity is coming from.
$ w 12:16:09 up 3 days, 15:10, 4 users, load average: 0.00, 0.01, 0.01 USER TTY LOGIN@ IDLE JCPU PCPU WHAT shs tty2 Sat13 3days 0.05s 0.05s /usr/libexec/gnome-session-bina nemo pts/0 11:07 4:38 0.04s 0.04s -bash shs pts/5 10:41 0.00s 0.10s 0.00s w popeye pts/2 11:12 1:02m 0.02s 0.02s -bash
last
The last command displays a list of user logins with the most recent logins first. To see the most recent logins, you can use a command like this one:
$ last | head -3 popeye pts/2 192.168.0.3 Tue Nov 15 11:12 still logged in nemo pts/0 192.168.0.3 Tue Nov 15 11:07 still logged in shs pts/5 192.168.0.3 Tue Nov 15 10:41 still logged in
To see how far the currently available login information reaches back, pipe the last command’s output to the tail command.
$ last | tail -3 reboot system boot 5.14.10-300.fc35 Mon Jun 6 15:57 - 16:55 (00:58) wtmp begins Mon Jun 6 15:57:30 2022
ps
A ps command like the one below will provide a list of the processes a user is running. Adding the grep -v `whoami` simply omits the command you would be running to create the list. You can just grep with your username (e.g., grep -v shs), but the command shown works for anyone.
$ ps -ef | grep nemo | grep -v `whoami` root 124982 787 0 11:07 ? 00:00:00 sshd: nemo [priv] nemo 124990 1 0 11:07 ? 00:00:00 /usr/lib/systemd/systemd --user nemo 124999 124990 0 11:07 ? 00:00:00 (sd-pam) nemo 125018 124982 0 11:07 ? 00:00:00 sshd: nemo@pts/0 nemo 125025 125018 0 11:07 pts/0 00:00:00 -bash
By using grep to select process details by the first field, you will see only that user’s processes. The ^nemo argument selects only the output lines that begin with “nemo”.
$ ps -ef | grep ^nemo nemo 124990 1 0 11:07 ? 00:00:00 /usr/lib/systemd/systemd --user nemo 124999 124990 0 11:07 ? 00:00:00 (sd-pam) nemo 125018 124982 0 11:07 ? 00:00:00 sshd: nemo@pts/0 nemo 125025 125018 0 11:07 pts/0 00:00:00 -bash
id
You can use the id command to display some additional details on a user. This includes the user’s UID (user id), GID (group id), and a list of the groups that the user is a member of.
$ id nemo uid=1012(nemo) gid=1012(nemo) groups=1012(nemo),900(techs)
finger
You can also get some information on users with the finger command.
$ finger nemo Login: nemo Name: Nemo the Fish Directory: /home/nemo Shell: /bin/bash On since Tue Nov 15 11:07 (EST) on pts/0 from 192.168.0.3 1 minute 44 seconds idle No mail. No Plan.
uptime
The uptime command will tell you how long the system has been up since its last reboot and the number of user currently logged in. Like the w command, it also provides the system load averages.
$ uptime 12:07:47 up 3 days, 15:01, 4 users, load average: 0.07, 0.13, 0.06
top and htop
If you want to see whether a particular user’s processes are having an impact on system performance, you can use a tool like top or htop to determine whether any user processes are making significant use of system resources. Using either of these tools, pressing the Shift+M keys will sort the output by memory usage. Using Shift+P will sort the output by processor usage. The example below shows nemo as a significant user of the system CPU and memory, but the system is not highly impacted.
top - 12:41:48 up 3 days, 15:35, 4 users, load average: 0.14, 0.06, 0.02 Tasks: 262 total, 1 running, 261 sleeping, 0 stopped, 0 zombie %Cpu(s): 0.8 us, 0.5 sy, 0.0 ni, 98.5 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st MiB Mem : 5926.3 total, 145.1 free, 2273.7 used, 3507.5 buff/cache MiB Swap: 5926.0 total, 5926.0 free, 0.0 used. 3374.3 avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3059 root 20 0 259104 29984 8428 S 1.7 0.5 11:11.01 sssd_kcm 134122 nemo 20 0 222648 3976 3524 R 1.3 0.2 0:00.07 loop <=== 128996 shs 20 0 225824 4436 3564 R 0.3 0.1 0:00.63 top 1 root 20 0 172392 17720 11256 S 0.0 0.3 0:03.51 systemd …
Wrap-up
Commands for viewing logged-in users, the processes they are running and how they might impact performance will come in handy whether you are trying to get an understanding of how a Linux system is being used or looking to find the source of a performance problem.
Copyright © 2022 IDG Communications, Inc.