A Linux system admin should keep an eye on who is currently logged into the Linux system and what are they up to. We already knew how to find the last logged in users in Linux. How would you identify who is logged on your Linux system at the moment and what they are doing? Easy! This tutorial lists various methods to find currently logged in users in Linux.
1. Find currently logged in users in Linux using
In Linux operating systems, there is special, single letter command called
w that helps you to find who is logged on and what they are doing in the system. This is the most commonly used command line tool to display the information about the users currently on the server, and their processes.
w command is often useful when you are administering a Linux server that is frequently being accessed by many users. You can track all of them without having to install any additional tools or applications.
w command shows various useful details including the following:
- the current time,
- how long the system has been running,
- how many users are currently logged on,
- and the system load averages for the past 1, 5, and 15 minutes.
w command fetches information about who is currently logged on from the
/var/run/utmp file and retrieves the process information from the
Now let us see how to use
w command to display who is logged in on your Linux machine and what they are doing.
The typical usage of
w command is:
$ w [options] user
When you run w command without any options, it will display all currently logged in users in your Linux system:
08:42:30 up 28 min, 2 users, load average: 1.30, 0.87, 0.45 USER TTY FROM [email protected] IDLE JCPU PCPU WHAT sk tty1 - 08:41 42.00s 0.10s 0.06s -bash ostechni pts/1 192.168.225.37 08:42 6.00s 0.09s 0.01s w
As you can see in the above output, currently there are two users (sk and ostechni) logged into my Ubuntu server. The
w command displays the following details for the individual users:
- login name,
- the tty name,
- source IP address from which the user logged in,
- login time,
- idle time,
- JCPU time (the time used by all processes attached to the tty),
- PCPU time (the time used by the current process),
- and the command line of their current process.
If you want to display the details of a specific logged in user (E.g. ostechnix), the command would be:
$ w ostechnix 08:51:36 up 37 min, 2 users, load average: 1.12, 1.06, 0.76 USER TTY FROM [email protected] IDLE JCPU PCPU WHAT ostechni pts/1 192.168.225.37 08:42 0.00s 0.09s 0.01s w ostech
You can omit the header from the output using
$ w -h sk tty1 - 08:41 16:13 0.10s 0.06s -bash ostechni pts/1 192.168.225.37 08:42 1.00s 0.09s 0.01s w -h
You can also display IP address instead of hostname for
"FROM" (remote hostname) field using
$ w -i
You may not want to print all the details. If so, you can exclude the login time, JCPU or PCPU times using
$ w -s 09:02:50 up 48 min, 2 users, load average: 0.31, 0.79, 0.84 USER TTY FROM IDLE WHAT sk tty1 - 21:02 -bash ostechni pts/1 192.168.225.37 1.00s w -s
For more details, check man pages:
$ man w
Or, refer help section:
$ w --help Usage: w [options] Options: -h, --no-header do not print header -u, --no-current ignore current process username -s, --short short format -f, --from show remote hostname field -o, --old-style old style output -i, --ip-addr display IP address instead of hostname (if possible) --help display this help and exit -V, --version output version information and exit For more details see w(1).
2. Display all logged in users using
who command is yet another command line tool to display information about users who are currently logged in a Linux machine.
If you run
who command without any options, it will display all logged in users:
sk tty1 2021-01-12 08:41 ostechnix pts/1 2021-01-12 08:42 (192.168.225.37)
As you see in the above output,
who command shows the username, type of the terminal device (E.g.
pts) on which the session took place, boot time and the source IP address from which the user logged in.
You can filter details for a specific user with
$ who | grep ostechnix ostechnix pts/1 2021-01-12 08:42 (192.168.225.37)
The above command will find if the given user ostechnix is logged in or not.
If you want to display information only for the current terminal session, run:
$ who am i ostechnix pts/1 2021-01-12 08:42 (192.168.225.37)
Please note the spaces between the words. If you execute the above command without any spaces, it will only display the username:
$ whoami ostechnix
who command has few other options to get customised output.
For example, you can display all available information of current logins using
$ who -a
system boot 2021-01-12 08:14 sk - tty1 2021-01-12 08:41 00:59 1463 run-level 5 2021-01-12 08:15 ostechnix + pts/1 2021-01-12 08:42 . 1477 (192.168.225.37) LOGIN tty6 2021-01-12 08:41 1366 id=tty6
To display all available information with column headers, use
$ who -a -H NAME LINE TIME IDLE PID COMMENT EXIT system boot 2021-01-12 08:14 sk - tty1 2021-01-12 08:41 00:59 1463 run-level 5 2021-01-12 08:15 ostechnix + pts/1 2021-01-12 08:42 . 1477 (192.168.225.37) LOGIN tty6 2021-01-12 08:41 1366 id=tty6
For more details, refer the man pages and help section of who command using any one of the following commands:
$ man who
$ who --help
3. Print logged in users with
users command prints the user names of users currently logged in to the current host system.
To display a list of all logged in users in a Linux machine, run:
$ users ostechnix sk
To get help, run any one of the following commands:
$ man users
$ users --help
4. View logged in users with
last command usually displays all the users that have ever logged in and out of a Linux machine since the
/var/log/wtmp file was created.
The list of currently logged in users are shown at the top.
ostechni pts/1 192.168.225.37 Tue Jan 12 08:42 still logged in sk tty1 Tue Jan 12 08:41 still logged in ostechni tty1 Tue Jan 12 08:41 - 08:41 (00:00) sk pts/1 192.168.225.37 Tue Jan 12 08:41 - 08:41 (00:00) [...]
For help, see man pages or use
$ man last
$ last --help
5. Find who is logged in a Linux system using id command
id command is used to print user and group information for the specified USER, or for the current user when USER is omitted.
To print the currently logged in user in the current session, run
id command with
$ id -un ostechnix
This is same as the
To get help, do:
$ man id
$ id --help
All of the aforementioned tools are available by default in most Linux distributions. There is one more command line tool available to find who is logged in a Linux system. It is not installed by default, but available in the default repositories of most Linux distributions.
6. List logged in users with finger command
Finger is a command line user information lookup utility. It displays the user's login name, real name, terminal name and write status, idle time, login time, office location and office phone number etc.
The finger program is not installed by default in some Linux distributions. You can install finger in Debian, Ubuntu systems using apt package manager like below:
$ sudo apt install finger
Once installed, run finger command to find logged in users in your Linux system:
Login Name Tty Idle Login Time Office Office Phone ostechnix ostechnix pts/1 Jan 12 08:42 (192.168.225.37) sk *tty1 3:17 Jan 12 08:41
Display information about a specific user:
$ finger ostechnix
Login: ostechnix Name: ostechnix Directory: /home/ostechnix Shell: /bin/bash On since Tue Jan 12 08:42 (UTC) on pts/1 from 192.168.225.37 2 seconds idle No mail. No Plan.
These are a few methods to find the currently logged in users in a Linux system. Knowing who is logged in and finding what they are doing in your system can be helpful at troubleshooting times. I hope one of the aforementioned methods will help you out.