A useful administrative tool is to see what users are logged onto the server. Another tool not only shows who is logged on, but it also shows what programs they are running.
- A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren’t on the box).
The simplest command to display the logged on users is the following:
# users jon
This command only displays the usernames of logged on users — nothing more.
If you want to see more information about each logon, execute:
# who jon ttyp0 Nov 8 10:47 (192.168.0.100)
Here you can see the username, what tty they are using, their log on timestamp, and finally the IP address they are connecting from.
A more useful utility will display more information about the users when executed:
# w 10:47AM up 11 days, 1:40, 1 user, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT jon p0 192.168.0.100 10:47AM - w
As you can see, the first line is the equivalent to the uptime(1) command. Following that, You will get a heading row to describe the real output. As you can see, w(1) displays the username, the tty they are using, where they are connecting from, the log on timestamp, how long they have been idle, and finally, what program(s) they are using.
While all of these commands are useful for seeing who is logged on, it is important to give only administrative users access to them. You can find more information on securing these commands in the hardening guide.