View Logged On Users

General Information

Seeing which users are logged on to the server is a useful administrative task. Some tools show only who is logged on; another also shows what programs they are running.

Requirements

  1. An SSH client that supports ANSI colors, such as PuTTY or SecureCRT (if you aren’t on the box).

users Usage

The simplest command to display the logged on users is the following:

# users
jon

This command only displays the usernames of logged on users — nothing more.

who Usage

If you want to see more information about each logon, execute:

# who
jon  ttyp0 Nov  8 10:47 (192.168.0.100)

Here you can see the username, what tty they are using, their log on timestamp, and finally the IP address they are connecting from.
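The who output format described above can be checked automatically. The following is an added example, not part of the original page: it reads who-format lines and reports remote sessions whose source address falls outside a list of expected address prefixes. The function names, the prefixes and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag remote sessions in `who` output whose source address
# does not start with an expected prefix. All names here are hypothetical.

# Usage: who | unexpected_logins PREFIX [PREFIX ...]
# Reads who-format lines on stdin and prints "user tty host" for every
# session whose last field is a parenthesised host that matches none of
# the given prefixes. Local logins (no host field) are ignored.
unexpected_logins() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, pfx, " ") }
        $NF ~ /^\(.*\)$/ {
            # Strip the surrounding parentheses from the host field.
            host = substr($NF, 2, length($NF) - 2)
            ok = 0
            for (i = 1; i <= n; i++)
                if (index(host, pfx[i]) == 1) ok = 1
            if (!ok) print $1, $2, host
        }'
}

# Constructed sample input in the same layout as the who output above:
# one expected remote login, one local console login, one unexpected one.
sample_who() {
    cat <<'EOF'
jon  ttyp0 Nov  8 10:47 (192.168.0.100)
root ttyv0 Nov  8 09:02
amy  ttyp1 Nov  8 11:15 (203.0.113.7)
EOF
}

# Demonstration on the constructed sample; on a live system, pipe in `who`.
sample_who | unexpected_logins "192.168.0."
```

Prefix matching only makes sense for numeric addresses, so a session recorded with a hostname instead of an IP address is always reported.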

w Usage

The w utility displays even more information about the logged-on users:

# w
10:47AM  up 11 days,  1:40, 1 user, load averages: 0.00, 0.00, 0.00
USER     TTY  FROM             LOGIN@   IDLE  WHAT
jon      p0   192.168.0.100    10:47AM     -  w

The first line is equivalent to the output of the uptime(1) command. Following that is a heading row that labels the columns of the real output. w(1) displays the username, the tty they are using, where they are connecting from, the log on timestamp, how long they have been idle, and finally, what program(s) they are using.

While all of these commands are useful for seeing who is logged on, it is important to give only administrative users access to them. You can find more information on securing these commands in the hardening guide.
