Table of Contents
- 1.
who– Checking Active Users in Real-Time - 2.
last– Reviewing User Login History - 3.
w– Monitoring User Activity - 4.
id– Understanding User Identity and Permissions - Conclusion
In the dynamic world of Linux system administration, monitoring user activity is crucial for security, system integrity, and overall efficiency. Whether you’re managing a corporate server, a personal workstation, or a multi-user environment, knowing who is logged in, what they are doing, and their access privileges can help prevent unauthorized usage, identify potential security risks, and streamline system performance.
Imagine running a Linux server with multiple users, some accessing files, others executing critical processes, and a few perhaps trying something suspicious. How do you keep track of who’s online, when they logged in, what commands they are running, and what permissions they have? Fortunately, Linux provides powerful built-in commands to help administrators monitor user activity effectively.
In this article, we'll explore four essential commands: who, last, w, and id. These tools give you insight into current and past user sessions, helping you maintain control over your system while ensuring security and efficiency.
1. who – Checking Active Users in Real-Time
The who command is your go-to tool for quickly identifying users currently logged into the system. Think of it as a live dashboard displaying real-time user activity.
Why is it useful?
- Tracks logged-in users in real-time.
- Assists in system troubleshooting.
- Essential for security audits.
Example Usage:
who
Typical output:
user1 pts/0 2025-06-08 12:45
admin pts/1 2025-06-08 12:50
This output tells us that two users (user1 and admin) are actively connected to the system.
2. last – Reviewing User Login History
The last command provides historical data about previous logins, offering insights into when users accessed the system and from where.
Why is it useful?
- Helps detect suspicious login attempts.
- Useful for auditing user activity.
- Assists in troubleshooting access issues.
Example Usage:
last
Example output:
user1 pts/0 2025-06-07 18:30 still logged in
admin pts/1 2025-06-07 17:45 1h 30m
Here, we see that user1 logged in yesterday and is still online, while admin accessed the system for 1 hour and 30 minutes before logging out.
3. w – Monitoring User Activity
Unlike who, the w command doesn’t just show logged-in users—it also displays their ongoing tasks and system resource consumption.
Why is it useful?
- Helps track real-time system usage.
- Identifies resource-heavy processes.
- Useful for diagnosing system performance issues.
Example Usage:
w
Example output:
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user1 pts/0 192.168.1.5 12:45 10:05 0.45s 0.30s vim test.py
admin pts/1 192.168.1.10 12:50 00:10 1.20s 0.80s top
Here, user1 is editing a Python script using vim, while admin is monitoring system processes using top.
4. id – Understanding User Identity and Permissions
The id command gives vital information about user IDs and group memberships, helping administrators manage user privileges.
Why is it useful?
- Verifies user identity and permissions.
- Essential for managing access rights.
- Helps troubleshoot user restrictions.
Example Usage:
id
Example output:
uid=1001(user1) gid=1001(user1) groups=1001(user1),27(sudo)
This output shows that user1 belongs to the sudo group, meaning they have administrative privileges.
Conclusion
System administrators play a vital role in ensuring Linux systems run smoothly and securely. The commands who, last, w, and id empower administrators with crucial insights into user activity, enabling them to monitor login sessions, track resource usage, and manage access permissions efficiently.
By mastering these commands, you can enhance security, optimize system performance, and gain better control over your Linux environment. Whether you’re troubleshooting issues, preventing unauthorized access, or simply keeping an eye on system usage, these tools are invaluable for maintaining a robust and well-managed Linux system.
Top comments (0)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.