Ways to look at logged in users on Linux


There are quite a few ways on Linux to get a list of the users logged into the system and see what they are doing. The commands described in this article all provide very useful information.

users

The users command displays a simple list of logged-in users. In this example, one user is logged in twice and is, therefore, listed twice.

$ users
nemo popeye shs shs

Note that the users are listed in alphabetical order.

who

The who command provides additional information. The login terminal is identified along with the login date and time. The final field displays the terminal or the IP address of the connecting system.

$ who
shs      tty2         2022-11-12 10:54 (tty2)
nemo     pts/0        2022-11-15 11:07 (192.168.0.3)
shs      pts/5        2022-11-15 10:41 (192.168.0.3)
popeye   pts/2        2022-11-15 11:12 (192.168.0.3)

w

The w command provides even more information on logged-in users. The first line of output shows the current time, how long the system has been up, the number of logged-in users, and the 1-, 5- and 15-minute load averages. This information will give you a quick view of how busy the system is.

The lines following the column headings show usernames, login times, how long the sessions have been idle, the time used by all processes associated with the user’s tty (JCPU), the time used by the current process for the user’s terminal (PCPU), and the command being run. If the session is currently idle, you will simply see the shell that is in use (e.g., -bash).

The w command provides a quick view of how heavily the system is being used and where most of the activity is coming from.

$ w
 12:16:09 up 3 days, 15:10,  4 users,  load average: 0.00, 0.01, 0.01
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
shs      tty2      Sat13    3days  0.05s  0.05s /usr/libexec/gnome-session-bina
nemo     pts/0     11:07    4:38   0.04s  0.04s -bash
shs      pts/5     10:41    0.00s  0.10s  0.00s w
popeye   pts/2     11:12    1:02m  0.02s  0.02s -bash

last

The last command displays a list of user logins with the most recent logins first. To see the most recent logins, you can use a command like this one:

$ last | head -3
popeye   pts/2        192.168.0.3      Tue Nov 15 11:12   still logged in
nemo     pts/0        192.168.0.3      Tue Nov 15 11:07   still logged in
shs      pts/5        192.168.0.3      Tue Nov 15 10:41   still logged in

To see how far the currently available login information reaches back, pipe the last command’s output to the tail command.

$ last | tail -3
reboot   system boot  5.14.10-300.fc35 Mon Jun  6 15:57 - 16:55  (00:58)

wtmp begins Mon Jun  6 15:57:30 2022

ps

ps command like the one below will provide a list of the processes a user is running. Adding the grep -v `whoami` simply omits the command you would be running to create the list. You can just grep with your username (e.g., grep -v shs), but the command shown works for anyone.

$ ps -ef | grep nemo | grep -v `whoami`
root      124982     787  0 11:07 ?        00:00:00 sshd: nemo [priv]
nemo      124990       1  0 11:07 ?        00:00:00 /usr/lib/systemd/systemd --user
nemo      124999  124990  0 11:07 ?        00:00:00 (sd-pam)
nemo      125018  124982  0 11:07 ?        00:00:00 sshd: nemo@pts/0
nemo      125025  125018  0 11:07 pts/0    00:00:00 -bash

By using grep to select process details by the first field, you will see only that user’s processes. The ^nemo argument selects only the output lines that begin with “nemo”.

$ ps -ef | grep ^nemo
nemo      124990       1  0 11:07 ?        00:00:00 /usr/lib/systemd/systemd --user
nemo      124999  124990  0 11:07 ?        00:00:00 (sd-pam)
nemo      125018  124982  0 11:07 ?        00:00:00 sshd: nemo@pts/0
nemo      125025  125018  0 11:07 pts/0    00:00:00 -bash

id

You can use the id command to display some additional details on a user. This includes the user’s UID (user id), GID (group id), and a list of the groups that the user is a member of.

$ id nemo
uid=1012(nemo) gid=1012(nemo) groups=1012(nemo),900(techs)

finger

You can also get some information on users with the finger command.

$ finger nemo
Login: nemo                             Name: Nemo the Fish
Directory: /home/nemo                   Shell: /bin/bash
On since Tue Nov 15 11:07 (EST) on pts/0 from 192.168.0.3
   1 minute 44 seconds idle
No mail.
No Plan.

uptime

The uptime command will tell you how long the system has been up since its last reboot and the number of user currently logged in. Like the w command, it also provides the system load averages.

$ uptime
 12:07:47 up 3 days, 15:01,  4 users,  load average: 0.07, 0.13, 0.06

top and htop

If you want to see whether a particular user’s processes are having an impact on system performance, you can use a tool like top or htop to determine whether any user processes are making significant use of system resources. Using either of these tools, pressing the Shift+M keys will sort the output by memory usage. Using Shift+P will sort the output by processor usage. The example below shows nemo as a significant user of the system CPU and memory, but the system is not highly impacted.

top - 12:41:48 up 3 days, 15:35,  4 users,  load average: 0.14, 0.06, 0.02
Tasks: 262 total,   1 running, 261 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.8 us,  0.5 sy,  0.0 ni, 98.5 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :   5926.3 total,    145.1 free,   2273.7 used,   3507.5 buff/cache
MiB Swap:   5926.0 total,   5926.0 free,      0.0 used.   3374.3 avail Mem

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
   3059 root      20   0  259104  29984   8428 S   1.7   0.5  11:11.01 sssd_kcm
 134122 nemo      20   0  222648   3976   3524 R   1.3   0.2   0:00.07 loop <===
 128996 shs       20   0  225824   4436   3564 R   0.3   0.1   0:00.63 top
      1 root      20   0  172392  17720  11256 S   0.0   0.3   0:03.51 systemd
…

Wrap-up

Commands for viewing logged-in users, the processes they are running and how they might impact performance will come in handy whether you are trying to get an understanding of how a Linux system is being used or looking to find the source of a performance problem.

Copyright © 2022 IDG Communications, Inc.



Source link