How to use the command 'who' (with examples)
The who
command is an essential utility in the Unix and Unix-like operating systems, used for displaying information about the users currently logged into the system. This command helps network administrators, security analysts, and system administrators monitor user activity and control access to servers. Primarily, it outputs the username, terminal line, and login time of each session, but it can provide more detailed information when used with specific options. The command essentially serves to enhance the understanding of user activity on the system and can be pivotal in managing system resources, security monitoring, and troubleshooting.
Use case 1: Displaying the username, line, and time of all currently logged-in sessions
Code:
who
Motivation: When administrating a multi-user system or server, knowing who is logged in is crucial. This helps system administrators keep track of active sessions, ensure authorized access, and manage system resources efficiently. It serves as a primary tool for checking user availability and identifying unauthorized users.
Explanation:
Running the who
command with no options provides a simple and straightforward list of users currently logged into the system. The typical output includes:
- Username: The name of the logged-in user.
- Line: The terminal line that the user is connected through.
- Time: The time when the user logged in.
Example output:
john tty7 2023-10-13 08:56
doe pts/2 2023-10-13 09:45
smith pts/3 2023-10-13 10:22
This output shows that users named “john,” “doe,” and “smith” are logged in on different terminals at various times.
Use case 2: Displaying all available information
Code:
who -a
Motivation: Sometimes a much more detailed picture of user sessions is required, especially for troubleshooting purposes. This includes not only who is logged in but also the system status, boot time, and idle processes. It aids system administrators in an in-depth analysis of the current system state, providing insights into potential issues or irregularities.
Explanation:
The -a
option in the who
command aggregates all available information related to user sessions and system processes. This additional information includes:
- System Boot Time: When the system was last started.
- Active Processes and Dead Processes: Information about active init processes or those waiting for login, and dead processes.
- Logged Information: Related data such as logged-in users, sessions, and their activities.
- Idle Time: How long the user’s terminal has been idle.
Example output:
system boot 2023-10-13 07:30
john + tty7 2023-10-13 08:56 . 555 id=5
doe + pts/2 2023-10-13 09:45 old 456 id=7
smith - pts/3 2023-10-13 10:22 00:01 789 id=1
This output shows the boot time of the system and more detailed information about each user session, such as the idle time and session ID.
Use case 3: Displaying all available information with table headers
Code:
who -a -H
Motivation: For enhanced readability, especially when dealing with many logged-in users, displaying table headers can help interpret and analyze the data more efficiently. This is particularly useful in environments where multiple users access the terminal simultaneously, allowing for easier distinction between the elements of each record in the output.
Explanation:
The -H
option adds headers to the output when used alongside the -a
option. The headers serve as a guide, detailing what each column represents—making the data more accessible and the list of outputs more understandable.
Example output:
NAME LINE TIME IDLE PID COMMENT EXIT
system boot 2023-10-13 07:30
john tty7 2023-10-13 08:56 . 555 id=5
doe pts/2 2023-10-13 09:45 old 456 id=7
smith pts/3 2023-10-13 10:22 00:01 789 id=1
With headers, it becomes clearer which data corresponds to usernames, login times, idle times, or process IDs. This aids system administrators, particularly in those environments with complex and multi-faceted user data.
Conclusion
The who
command stands out as a necessary tool for managing and administering user sessions in Unix and Unix-like operating systems. Its capability to present both concise and detailed information makes it highly adaptable for different administrative needs, whether for daily monitoring, security auditing, or comprehensive system analysis. The various options associated with the command enhance its utility, providing tailored insights readily accessible to any system administrator.