How to List Current Logged-In Users in Linux VPS?
Listing current logged-in users in Linux VPS is an essential administration task, especially if you work in a multi-user Linux environment. Here are various ways to list current logged-in users in Linux VPS at a glance:
- The users command
- The w command
- The who command
- Reading the content of /etc/passwd file using commands cat, less, more, cut, awk, and getent
- The last command
- The finger command
- The grep command
- The lastlog command
After buying Linux VPS, learning how to list users is crucial because monitoring logged-in users in Linux VPS enhances efficiency, security, and compliance.
8 Linux command to list logged-in users on Linux VPS
Login records on Linux systems are typically stored in the /var/log/wtmp (records all logins and logouts) and /var/log/utmp (records current logged-in users) files. Also, the /etc/passwd file in Linux contains essential information including username, password placeholder, user ID, group ID, user extra information, home directory, and shell about all user accounts on the Linux system.
Almost all the following commands somehow retrieve information from these files.
Therefore, access your Linux VPS using an SSH client and launch the terminal with root privilege.
1. The users command to view users in Linux VPS
The most simple way to display a list of the usernames of currently logged-in users to the Linux VPS is using the users command. Its basic syntax is as follows:
usersExample output:
root opera aliceThis command will output a space-separated list of usernames corresponding to active sessions. If you see a specific username multiple times, this means a user is logged in multiple times.
2. The w command to find current logged-in users in Linux VPS
If you want to get a comprehensive view of who is logged in and their activity on the system, using the w command is useful. Its basic syntax is as follows:
wExample output:
18:24:07 up 5:45, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.10 17:10 1:14 0.09s 0.09s -bash
opera pts/1 192.168.1.11 18:00 0.00s 0.02s 0.00s wAs you see this command provides you a more detailed about users in Linux VPS.
The output of the w command provides the below information about users:
- USER: The username of the logged-in user.
- TTY: The terminal line.
- FROM: The remote host or IP address that user is logged in from.
- LOGIN@: User login time.
- IDLE: Defines how time user has been idle.
- JCPU: The CPU time used by all processes attached to the terminal.
- PCPU: The CPU time used by the current process.
- WHAT: The command line of the user’s current process.
The w command enables users to modify its behavior with its several options. Here are some common options:
| Options | Function |
|---|---|
| -h | Not display header. |
| -s | Displays short format by omitting the login time, JCPU, PCPU, and WHAT columns |
| -u | Ignores current process username. |
| -f | Shows FROM (remote hostname) field if it does not appear. |
| -i | Displays IP address instead of hostname. |
3. The who command to display all logged-in users in Linux VPS
Using the who command gives you more detailed information about current logged-in users in Linux VPS. Its basic syntax to list all logged-in users on a Linux system is as follows:
whoExample output:
root pts/0 2024-07-09 10:42 (:0)
opera pts/1 2024-07-09 11:03 (192.168.1.11)As you see this command will display a list of all logged-in users along with their login time, terminal, username, and remote host (remote IP address).
You can use various options with the who command to change the default output. Here are some of the options for the who command:
| Options | Function |
|---|---|
| -H | Shows a header row. |
| -q | Displays only the username and number of users logged in. |
| -b | Shows the time of the last system boot. |
| -u | Displays the idle time for each user. |
| -a | Shows the time of the last system boot, dead processes, login processes, active processes, last system clock change, user’s message status, and more details. |
4. Reading the content of /etc/passwd file to monitor users in Linux VPS
As we mentioned previously, the /etc/passwd file in Linux contains information about users on a Linux system and each line in the file represents a user account and provides different data. This file includes lines with the following syntax:
username:x:1001:1001:User Name:/home/username:/bin/bashEach line of the /etc/passwd file contains information such as username, encrypted password (x), user ID (numerical identifier for a user), group ID for the user, user ID info (typically used for the user’s full name), home directory (path to the user’s home directory) and user’s login shell.
Therefore, you can retrieve information from this file using various commands to view available users on Linux VPS, including:
The cat command:
The cat command in Linux displays the contents of the /etc/passwd file. Therefore, this command prints a list of users in Linux along with detailed information. Therefore, you can run the following command:
cat /etc/passwdThe less command:
The less command also allows you to view the contents of the file one screen at a time and scroll through the file (forward and backward navigation). Therefore, you can run the following command:
less /etc/passwdThe more command:
The more command performs similarly to less command with limited backward movement. Therefore you can use the more command in Linux to display the contents of the /etc/passwd file one screen at a time and navigate through the file using the spacebar to move forward one screen:
more /etc/passwdThe cut command
You can extract and display the only username (first field of file) from each line of the /etc/passwd file using the cut command with -d option:
cut -d : -f 1 /etc/passwdYou can print only all user IDs (third field of the file) with the following command:
cut -d: -f3 /etc/passwdThe awk command
The awk command works similarly to the cut command, which extracts and prints custom outputs from the /etc/passwd file.
For example, to print only the first field (usernames) from each line of the /etc/passwd file, use the awk command with -F option (sets the field separator to a colon (:)):
awk -F':' '{ print $1}' /etc/passwdYou can customize the output of the awk command For example, if you want to view all user IDs (third field), run the following command:
awk -F':' '{ print $3}' /etc/passwdThe getent command
The getent command queries and displays all entries from the system’s password database. Therefore, you can list all current logged-in users in Linux using:
getent passwdIn addition, this command can retrieve and display detailed information about a particular account from the system’s password database. To do this run the following command:
getent passwd particular-user5. The last command to list current logged-in users in Linux VPS
This method is suitable for listing the most recently logged-in users. The last command queries from the /var/log/wtmp binary database to show a list of users logged in since the last reboot. Its basic syntax is as follows:
lastThis command displays the user’s login times, durations, and originating IP addresses or terminals.
The last command supports several options, including:
| Options | Function |
|---|---|
| -n | Limits the number of entries displayed |
| -s | Displays logins from a specific date. |
6. The finger command to show current logged-in users in Linux VPS
The finger command in Linux is a simple and handy command line tool for listing logged-in users and obtaining detailed information such as login name, real name, terminal (TTY), idle time, login time, and other relevant information.
Since all Linux distributions do not support the finger command by default, you may need to install it on your Linux distribution. To do this use the following commands:
sudo apt install finger [On Debian, Ubuntu and Mint]
sudo yum install finger [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
sudo dnf install finger [On Fedora/RHEL]
sudo pacman -S finger [On Arch Linux]Once you equip your Linux VPS with the finger tool, run the following command to list current logged-in users in Linux VPS:
fingerExample Output:
Login Name TTY Idle Login Time Office Office Phone
john John Doe tty7 2 Jun 30 08:30 (:0)
jane Jane Smith pts/0 3 Jun 30 09:15 (192.168.1.10)You can obtain detailed information about a specific user using the ” finger ” command:
finger username7. The grep command to list all available users in Linux VPS
The grep command in Linux is used for searching text using patterns within files. Therefore, it can print information about a specific user from /etc/passwd file by searching for the specific username. To do this use the following command:
cat /etc/passwd | grep [optional username]This command extracts lines from text based on matching patterns.
Also, you can find users with specific characteristics with grep command. For example, to find all users with a home directory under /home run the following command:
grep '/home' /etc/passwd8. The lastlog command to display most recent login of all users in Linux VPS
To obtain the details of the most recent login information for all users or a specific user, the lastlog command in Linux is useful. Execute the following command to display the last login for all users:
lastlogThis command reads from the /var/log/lastlog file and provides login information for all users including, username, terminal (TTY), remote host or IP address, and date and time of the last login.
Additional Tips
- To add new users in Linux, use the
useraddcommand. - To customize any attributes of user account, use the
usermodcommand. - There are two types of user accounts on the Linux system which are normal and system users. System accounts commonly include 1-999 numbers while normal users use four-digit numbers.
Why monitoring logged-in users in Linux VPS is important?
- Facilitates effective management of user accounts.
- Helps detect unauthorized access and prevent suspicious activities.
- Ensures optimal use of system resources by managing active sessions.
- Helps in identifying and troubleshooting performance issues by monitoring user interactions.
How to Manage Users in Linux Securely?
Proper user management in Linux VPS enhances system security and efficiency. Therefore learning user management best practices is crucial.
1. To enhance security, assign the minimum privilege to users. If someone needs a sudo privilege, you can grant administrative privileges temporarily.
2. Regularly review and remove unnecessary or inactive accounts to protect your system from security risks.
3. Set strong passwords for all systems and normal users and force users to update their passwords regularly.
4. You can implement two-factor authentication (2FA) for user logins to add an additional layer of security.
5. Control access to sensitive files and directories by restricting file permissions (read, write, execute) to only authorized users.
6. Regularly monitor logs for user activities.
By implementing these practices you can manage users optimally.
Does one command provide a way to see all users and their information?
Yes, you can view all users and their details using:
cat /etc/passwdOr
getent passwdHow can I sort the user list by username only?
To list only usernames in Linux VPS the users command is the best solution.
In addition, you can use the cut command with the -d option or the awk command with the -F option to extract only usernames from the /etc/passwd file.
How to list users in Linux in alphabetical order?
To list users alphabetically, pipe output of getent or cut into the sort tool. To do this use the following commands:
getent passwd | sort -k1Or
cut -d: -f1 /etc/passwd | sortThese commands extract the username from each line in password file (/etc/passwd) and sort the output in alphabetical order.
Conclusion
This article has equipped you with basic Linux commands for optimal user management in Linux VPS.
Listing current logged-in users in Linux VPS helps detect suspicious behavior, track user activity for troubleshooting, respond to potential threats quickly, and ensure security.
Although the Linux terminal is its power, you can also use graphical tools such as control panels to manage users with GUI.