Knowing which users are currently logged into a system can be crucial for system administrators, especially when managing server resources, tracking user activity, or investigating potential security breaches. Fortunately, Linux provides tools for this exact purpose.
On a Linux system, multiple users can be logged in at the same time. This could be through physical console sessions, remote SSH connections, or other remote access mechanisms. Various commands, such as who, w, and last, allow administrators to see who's currently using the system, their activity, and their access methods.
Related: manage-user-sessions, audit-logs, restricting-access
Steps to view currently logged-in users in Linux:
- Launch the terminal.
- Use the who command to list all logged-in users.
$ who
The output will show the username, terminal, date, and IP from which they're accessing (if available).
- For more detailed information about users' activity, use the w command.
$ w
This command displays details like idle time, the command they're executing, and more.
- To view a list of past logins, use the last command.
$ last
The result will show a list of previous logins, helping you track user activity over time.
- If you want to see only the unique users logged in, you can combine who with awk.
$ who | awk '{print $1}' | sort | uniqThis chain of commands filters the output to display only unique usernames.
- Check for user-specific logins using the lastlog command.
$ lastlog -u [username]
This will display the last login details for the specified user.
- Exit the terminal once done.
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.