From LQWiki

The command who typed at the command line in a terminal will show a list of people logged in at the moment. The format of this list is:

• Login name,
• Which terminal they are logged in to,
• And at what date and time they logged in.

who -r will show you the current run level

Example

Mostly, you will find some unexplainable logins on your system, like the following if you are logged in once:

$ who
root     :0           Dec  3 11:31
root     pts/0        Dec  3 11:32
root     pts/1        Dec  3 11:36
$

These login needn't be hackers hijacking your computer. Find it out with who -Hi:

$ who -Hi
who: Warning: -i will be removed in a future release;   use -u instead
NAME     LINE         TIME         IDLE          PID COMMENT
root     :0           Dec  3 11:31   ?          3268
root     pts/0        Dec  3 11:32 00:13        3690
root     pts/1        Dec  3 11:36   .          4320
$ ps -A | grep 3268
 3268 ?        00:00:00 startkde
$ ps -A | grep 3690
 3690 ?        00:00:03 kded
$ ps -A | grep 4320
 4320 pts/1    00:00:00 bash

In this case, all root logins can be explained by KDE and the bash. So, there is no hacker on your system.

Kick out users

Now we come to the fun part - kicking out users. For that, we just kill their login processes. In the following example, the user kicks out himself:

$ who -Hi
who: Warning: -i will be removed in a future release;   use -u instead
NAME     LINE         TIME         IDLE          PID COMMENT
root     pts/0        Nov 26 10:47   .         19483 (p54a951f3.dip.t-dialin.net)
root     pts/1        Nov 26 10:44   ?          1957 (p54a951f3.dip.t-dialin.net)
$ kill -9 19483
Connection to myvps closed.
scorpio:~ #