How to view currently logged-in users in Linux

Knowing which users are currently logged into a system can be crucial for system administrators, especially when managing server resources, tracking user activity, or investigating potential security breaches. Fortunately, Linux provides tools for this exact purpose.

On a Linux system, multiple users can be logged in at the same time. This could be through physical console sessions, remote SSH connections, or other remote access mechanisms. Various commands, such as who, w, and last, allow administrators to see who's currently using the system, their activity, and their access methods.

1. Launch the terminal.
2. Use the who command to list all logged-in users.

   $ who

   The output will show the username, terminal, date, and IP from which they're accessing (if available).

3. For more detailed information about users' activity, use the w command.

   $ w

   This command displays details like idle time, the command they're executing, and more.

4. To view a list of past logins, use the last command.

   $ last

   The result will show a list of previous logins, helping you track user activity over time.

5. If you want to see only the unique users logged in, you can combine who with awk.

   $ who | awk '{print $1}' | sort | uniq

   This chain of commands filters the output to display only unique usernames.

6. Check for user-specific logins using the lastlog command.

   $ lastlog -u [username]

   This will display the last login details for the specified user.

7. Exit the terminal once done.