Who
The command who typed at the command line in a terminal will show a list of people logged in at the moment. The format of this list is:
- Login name,
- Which terminal they are logged in to,
- And at what date and time they logged in.
who -r will show you the current run level
Example
Mostly, you will find some unexplainable logins on your system, like the following if you are logged in once:
$ who root :0 Dec 3 11:31 root pts/0 Dec 3 11:32 root pts/1 Dec 3 11:36 $
These login needn't be hackers hijacking your computer. Find it out with who -Hi:
$ who -Hi who: Warning: -i will be removed in a future release; use -u instead NAME LINE TIME IDLE PID COMMENT root :0 Dec 3 11:31 ? 3268 root pts/0 Dec 3 11:32 00:13 3690 root pts/1 Dec 3 11:36 . 4320 $ ps -A | grep 3268 3268 ? 00:00:00 startkde $ ps -A | grep 3690 3690 ? 00:00:03 kded $ ps -A | grep 4320 4320 pts/1 00:00:00 bash
In this case, all root logins can be explained by KDE and the bash. So, there is no hacker on your system.
More info
You can try a special variant of the command that produces different output on some distributions.
$ who am i
Kick out users
Now we come to the fun part - kicking out users. For that, we just kill their login processes. In the following example, the user kicks out himself:
$ who -Hi who: Warning: -i will be removed in a future release; use -u instead NAME LINE TIME IDLE PID COMMENT root pts/0 Nov 26 10:47 . 19483 (p54a951f3.dip.t-dialin.net) root pts/1 Nov 26 10:44 ? 1957 (p54a951f3.dip.t-dialin.net) $ kill -9 19483 Connection to myvps closed. scorpio:~ #
Provided by
Most (all?) Linux distributions incorporate this from the GNU Coreutils: and use its man page
Related Commands
All of these relate to user information.
- id - dump UID and GID information.
- logname - show the login name.
- whoami - show effective user ID.
- groups - show groups of the current user.
- users - show who is logged in.
See also
This article is a stub and needs to be finished. Plunge forward and help it grow!