6 commands to list the logged in users in Linux

How will you check the complete list of logged in users either current or all those attempts which have been made to connect your machine by any user and the status of connection.
Here are 6 commands which I use to view the users who have logged in recently or are currently logged in to any particular Linux machine.

Method 1
users: This command print the user names of users currently logged in to the current host without showing any much information about source, login time or any other relevant detail

# users
deepak ruchi aman rahul ramandeep

Method 2
last: This command searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments.

# last -a
deepak   pts/3        Tue Oct 16 18:01 - 18:01  (00:00)     10.10.10.30
root     pts/2        Tue Oct 16 17:51   still logged in    10.10.10.30
root     pts/1        Tue Oct 16 14:29 - 18:03  (03:34)     10.10.10.30
root     pts/3        Tue Oct 16 11:10 - 13:11  (02:00)     10.10.10.30
root     pts/1        Mon Oct 15 20:30 - 13:21  (16:51)     10.10.10.30
root     pts/3        Mon Oct 15 18:02 - 18:37  (00:34)     10.10.10.30
root     pts/1        Mon Oct 15 15:23 - 18:34  (03:11)     10.10.10.30
root     pts/1        Mon Oct 15 10:45 - 15:22  (04:36)     10.10.10.30
root     pts/2        Fri Oct 12 18:34 - 15:53 (3+21:19)    :2.0
root     pts/1        Fri Oct 12 18:07 - 19:34  (01:27)     10.10.10.30
root     pts/0        Fri Oct 12 17:57   still logged in    :0.0
root     tty1         Fri Oct 12 17:56   still logged in    :0
reboot   system boot  Fri Oct 12 17:44 - 18:03 (4+00:19)    2.6.32-220.el6.i686
 

Method 3
secure file: This file contains the logs of all the attempts made for login to your machine with authentication reports

# less /var/log/secure
Oct 16 18:01:12 localhost unix_chkpwd[3503]: password check failed for user (deepak)
Oct 16 18:01:14 localhost sshd[3501]: Failed password for deepak from 10.10.10.30 port 2326 ssh2
Oct 16 18:01:21 localhost passwd: pam_unix(passwd:chauthtok): password changed for deepak
Oct 16 18:01:21 localhost passwd: gkr-pam: couldn’t update the ‘login’ keyring password: no old password was entered
Oct 16 18:01:24 localhost sshd[3501]: Accepted password for deepak from 10.10.10.30 port 2326 ssh2
Oct 16 18:01:24 localhost sshd[3501]: pam_unix(sshd:session): session opened for user deepak by (uid=0)
Oct 16 18:01:31 localhost sshd[3501]: pam_unix(sshd:session): session closed for user deepak

Method 4
finger: If no arguments are specified, finger will print an entry for each user currently logged into the system.

# finger
Login     Name       Tty      Idle  Login Time   Office      Office Phone
deepak               pts/3          Oct 16 18:01 (10.10.10.30)
root      root       tty1       4d  Oct 12 17:56 (:0)
root      root       pts/0    6:51  Oct 12 17:57 (:0.0)
root      root       pts/1    2:08  Oct 16 14:29 (10.10.10.30)
root      root       pts/2          Oct 16 17:51 (10.10.10.30)
Method 5
who: This command shows currently logged in users with time details
# who -u
root     tty1         2012-10-12 17:56  old         1960 (:0)
root     pts/0        2012-10-12 17:57 06:51        2376 (:0.0)
root     pts/1        2012-10-16 14:29 02:09        3094  (10.10.10.30)
root     pts/2        2012-10-16 17:51   .          3454 (10.10.10.30)


Method 6
whoami: Print the user name associated with the current effective user ID

# whoami
root
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s