By Alain Francois, Alibaba Cloud Community Blog author
As an administrator, you can need to grant some access on your server for the remote users such as your employees or collaborators. You can also need to set up a public server which should be accessible over internet, which means that someone can try to penetrate your server.
At that moment it's important to know exactly the existing users/accounts in your server and the users actually connected for a better troubleshooting. There are some commands in Linux which can help you to reach that goal. We will learn the commands to use in this case
On your system you can list all the existing users that you have by using some commands or by checking the content of the /etc/passwd
and /etc/shadow
files.
Local user account data is stored in local files, such as the /etc/passwd
file. It's a file consisting of 07 entries
By listing the content of this file, we can have all the users of the system but we will need to filter the file to have only the column with the useful information by using the awk
command
$ cat /etc/passwd | awk -F: '{ print $1}'
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
systemd-timesync
systemd-network
systemd-resolve
systemd-bus-proxy
_apt
dnsmasq
avahi-autoipd
messagebus
usbmux
geoclue
speech-dispatcher
sshd
rtkit
pulse
avahi
colord
saned
Debian-gdm
hplip
alain-francois
dimitri
peter
The getent
command is used to display the entries of a number of Name Service Switch libraries, including passwd, group, hosts, aliases, and networks. You can use that command to list your existing users but that command will give you the same output as the /etc/passwd
file
$ getent passwd | awk -F: '{ print $1}'
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
systemd-timesync
systemd-network
systemd-resolve
systemd-bus-proxy
_apt
dnsmasq
avahi-autoipd
messagebus
usbmux
geoclue
speech-dispatcher
sshd
rtkit
pulse
avahi
colord
saned
Debian-gdm
hplip
alain-francois
dimitri
peter
For more security your Linux machine uses the Shadow Suite which is a set of authentication tools and utilities that insinuates itself into the mix of the /etc/passwd file and user accounts. When the Shadow Suite is installed, the system stores encrypted passwords in the /etc/shadow
file for user accounts and the /etc/gshadow
file for group accounts. This consists of 08 entries
# cat /etc/shadow | awk -F: '{ print $1}'
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
systemd-timesync
systemd-network
systemd-resolve
systemd-bus-proxy
_apt
dnsmasq
avahi-autoipd
messagebus
usbmux
geoclue
speech-dispatcher
sshd
rtkit
pulse
avahi
colord
saned
Debian-gdm
hplip
alain-francois
dimitri
peter
There is a bash built-in command called compgen which shows normally all available commands, aliases, and functions. But when you use that with the option -u
, it shows the existing users
$ compgen -u
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
systemd-timesync
systemd-network
systemd-resolve
systemd-bus-proxy
_apt
dnsmasq
avahi-autoipd
messagebus
usbmux
geoclue
speech-dispatcher
sshd
rtkit
pulse
avahi
colord
saned
Debian-gdm
hplip
alain-francois
alain
francois
There are some commands that you can use to display the users connected on your server. Each command displays
This command lists the users who are actually log in to the system and also shows you what they are doing. It means that if a user is editing a file, it will let you know that the user is editing a file.
The command displays the informations in two parts, first you have a header of 6 items showing
and a table consisting of 08 columns:
To understand properly how the command works, we currently have 2 users remotely connected to our computer so that we can have a view on the results of the command
$ w
09:19:21 up 1 day, 3:40, 4 users, load average: 0.76, 0.61, 0.72
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
alain-fr tty2 :0 Thu05 27:40m 4:10m 0.29s /opt/google/chrome/chrome --type=renderer --field-trial-handle=4941997322712276813,1
alain-fr pts/0 mycomputer Thu05 27:38m 0.05s 0.05s /bin/bash
dimitri pts/6 192.168.1.8 22:51 4:02m 0.18s 0.09s vi document
peter pts/4 192.168.1.5 09:19 5.00s 0.11s 0.11s -bash
By default it gives a report about all the users who have logged in using a console or GUI login window. It will not show the users connected through a window in a GUI that emulates a console commonly called terminal windows.
The w
command can be used with some options to filter the result so that you will be able to display only the necessary information that you need. You can use the w --help
command to list the available options
The command who shows the users who are actually logged on the system but it doesn't show what they are doing. The output of the command is a little similar to the w
command but in short format consisting only of 4 columns showing the users logged on the system, the rfor example theemote host, the tty and since when they are logged into the system.
$ who
alain-francois tty2 2019-07-25 05:40 (:0)
alain-francois pts/0 2019-07-25 05:40 (mycomputer)
dimitri pts/6 2019-07-25 22:51 (192.168.1.8)
peter pts/4 2019-07-26 09:19 (192.168.1.5)
You can display the information with a header line using the -H
option
$ who -H
NAME LINE TIME COMMENT
alain-francois tty2 2019-07-25 05:40 (:0)
alain-francois pts/0 2019-07-25 05:40 (mycomputer)
dimitri pts/6 2019-07-25 22:51 (192.168.1.8)
peter pts/4 2019-07-26 09:19 (192.168.1.5)
Or you can print only the logged on users with the total numbers of users for a better information
$ who -q
alain-francois alain-francois francois alain
# users=4
To list the different option available to filter the results to display. Use the who --help
command to list the different options
$ who --help
Usage: who [OPTION]... [ FILE | ARG1 ARG2 ]
Print information about users who are currently logged in.
-a, --all same as -b -d --login -p -r -t -T -u
-b, --boot time of last system boot
-d, --dead print dead processes
-H, --heading print line of column headings
--ips print ips instead of hostnames. with --lookup,
canonicalizes based on stored IP, if available,
rather than stored hostname
-l, --login print system login processes
--lookup attempt to canonicalize hostnames via DNS
-m only hostname and user associated with stdin
-p, --process print active processes spawned by init
-q, --count all login names and number of users logged on
-r, --runlevel print current runlevel
-s, --short print only name, line, and time (default)
-t, --time print last system clock change
-T, -w, --mesg add user's message status as +, - or ?
-u, --users list users logged in
--message same as -T
--writable same as -T
--help display this help and exit
--version output version information and exit
The users command prints the users currently logged in the system. It doesn't give any additionnal information
$ users
alain-francois alain-francois dimitri peter
You can see that this command is very limited but useful if you only want to list the users. You can also list the number of users by combining it with the wc
command
$ users | wc -w
4
There are two commands which also displays the user logged in the systems but it's only limited to the session of the current user. It means that if you switch to another user, the command will only display that session information. Those commands are
$ whoami
alain-francois
$ id
uid=1000(alain-francois) gid=1000(alain-francois) groups=1000(alain-francois),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev),113(bluetooth),114(lpadmin),119(scanner),999(docker)
As a system administrator, sometimes you need to make sure there is no access violation on your server. We have seen some commands which can help you to be aware on who is connected which the possibility to know what they are doing
2,599 posts | 764 followers
FollowAlibaba Cloud MVP - March 13, 2020
Alibaba Clouder - January 27, 2020
Alibaba Clouder - February 11, 2020
Alibaba Clouder - April 2, 2021
Sabith - August 2, 2018
Alibaba Clouder - June 5, 2019
2,599 posts | 764 followers
FollowSecure your cloud resources with Resource Access Management to define fine-grained access permissions for users and groups
Learn MoreElastic and secure virtual cloud servers to cater all your cloud hosting needs.
Learn MoreLearn More
More Posts by Alibaba Clouder