How to list logged-in users in Linux

In Linux, identifying which users are currently logged into the system is important for administrators managing servers and monitoring system activity. It helps ensure system resources are being used efficiently and allows for the detection of any unauthorized access. Knowing who is logged in at any time is an essential task in maintaining system security and performance.

Users can access a Linux system through various methods, such as physical login terminals, remote SSH sessions, or other network-based connections. Multiple tools are available to check user login details, session information, and user activity. These tools are built-in, simple to use, and provide real-time data on who is currently accessing the system.

Administrators use commands like who, w, and last to display logged-in users and review past login sessions. These commands provide essential information, such as usernames, login times, and remote session details. Each of these commands plays a role in helping administrators keep track of user activity and ensure system security is maintained.

Steps to check currently logged-in users in Linux:

Open the terminal on the Linux system.
Enter the who command to view currently logged-in users.

The output will list usernames, terminal identifiers, and login times.
```
$ who
user1   pts/0        2024-09-13 09:15 (192.168.1.5)
user2   pts/1        2024-09-13 10:05 (:0)
```

Use the w command to display detailed information about logged-in users and their activity.

This command will show user processes, idle time, and load averages.

$ w
 09:45:12 up 2 days,  2:15,  2 users,  load average: 0.12, 0.34, 0.15
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
user1    pts/0    192.168.1.5      09:15    1:23   0.12s  0.01s bash
user2    pts/1    :0               10:05    0.45s  0.10s  0.02s top

To review past user logins, run the last command.

The output will display previous login sessions, including the time, duration, and terminal used.

$ last
user1   pts/0        192.168.1.5     Fri Sep 13 09:15   still logged in
user2   pts/1        :0              Fri Sep 13 10:05 - 10:25  (00:20)

For unique usernames of logged-in users, use who combined with awk and uniq.

This command filters the output to show only distinct usernames.
```
$ who | awk '{print $1}' | sort | uniq
user1
user2
```

Use the lastlog command to check the last login of a specific user.

This will display the last login details for the specified user.

$ lastlog -u user1
Username       Port     From             Latest
user1            pts/0    192.168.1.5      Fri Sep 13 09:15:01 +0000 2024

Close the terminal after reviewing the data.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.