Introduction
In this lab, we will delve into the Linux who command, a valuable tool for systemadmin tasks, providing insights into currently logged-in users. We'll grasp the fundamental usage of the who command, understand how to refine its output, and explore the various data points it offers. This lab falls under the umbrella of User and Permission Management, a crucial skillset for system administrators to monitor and understand system activity.
This hands-on lab is structured into three key stages: Understanding the who Command, Analyzing the who Command Output, and Filtering the who Command's Results. Through these steps, you'll develop a solid understanding of the who command and its practical applications within a Linux environment.
Understand the who Command
In this section, we will investigate the who command, a powerful Linux utility that reveals information about users currently logged into the system.
The who command provides vital details such as the username, terminal being used, login timestamp, and the remote host (if applicable) from which the user connected. This information is extremely useful for system administrators and users alike in monitoring and understanding real-time system activity.
Let's begin by executing the basic who command:
whoExample output:
labex pts/0 2023-04-11 09:15 (172.17.0.1)This output indicates that the user labex is logged in on the pts/0 terminal. The login occurred at 2023-04-11 09:15 from the remote host identified as 172.17.0.1.
The who command's capabilities are enhanced with various options. Some frequently used options include:
who -a: Offers a more extensive output, encompassing idle time and the process ID (PID) of the user's shell.who -H: Presents a header row, clearly labeling each column in the output.who -q: Displays a concise list of logged-in users, showing only usernames.who am i: Reveals information specifically about the current user.
Let's experiment with some of these options:
who -aExample output:
labex pts/0 2023-04-11 09:15 00:00 (172.17.0.1)The -a option here reveals the idle time, which is 00:00, meaning the user is actively interacting with the terminal.
who -HExample output:
NAME LINE TIME COMMENT
labex pts/0 2023-04-11 09:15 (172.17.0.1)The -H option significantly improves readability by including a header line, explaining the data in each column.
who am iExample output:
labex pts/0 2023-04-11 09:15 (172.17.0.1)The who am i command shows information pertinent to the currently logged-in user.
Explore the Output of the who Command
In this section, we'll take a deeper look at the who command's output, dissecting its fields to understand the data it provides in detail.
Let's execute the who command once again:
whoExample output:
labex pts/0 2023-04-11 09:15 (172.17.0.1)The who command's output is structured into the following fields:
- Username: This is the username of the logged-in user, in this case,
labex. - Terminal: This indicates the terminal or session where the user is logged in, represented here as
pts/0. - Login Time: This represents the date and time when the user initiated the login session, shown as
2023-04-11 09:15. - Remote Host: This indicates the IP address or hostname of the system from which the user is connecting remotely, displayed as
(172.17.0.1).
Let's explore each field in more depth:
Username: The username field simply displays the name of the user that is currently logged into the system. As an example, this will show the username labex.
Terminal: The terminal field identifies the specific terminal or session the user is utilizing. Within a typical Linux environment, this could be something like tty1, pts/0, pts/1, and so on. These represent different types of terminal connections.
Login Time: The login time shows the exact date and time when the user successfully logged into the system.
Remote Host: The remote host field shows the IP address or hostname of the remote system from which the user has established a connection. If the user is logged in from a Docker container, such as in this case, the remote host may be (172.17.0.1).
Let's try another scenario with multiple logged-in users:
sudo useradd -m testuser
sudo su - testuser
whoExample output:
labex pts/0 2023-04-11 09:15 (172.17.0.1)
testuser pts/1 2023-04-11 09:20 (172.17.0.1)In this scenario, we create a new user called testuser and switch the active session to this user. The who command now displays both users, labex and testuser, as logged in to the system.
Filter the Output of the who Command
This section focuses on how to effectively filter the output of the who command to retrieve specific information based on our requirements.
The who command's output can be extensive, especially on systems with many active users. We can leverage command-line utilities such as grep, awk, and cut to filter and refine the output.
Let's start by filtering the output to show only a list of usernames:
who | awk '{print $1}'Example output:
labexThe awk '{print $1}' command will extract the first field (the username) from the output generated by the who command.
Next, let's filter the output to display only the login times:
who | awk '{print $4, $5}'Example output:
2023-04-11 09:15In this case, awk '{print $4, $5}' extracts the fourth and fifth fields (login date and time) from the who command's output.
We can also use grep to filter based on specific criteria. For example, to display only users who logged in from a certain remote host:
who | grep '(172.17.0.1)'Example output:
labex pts/0 2023-04-11 09:15 (172.17.0.1)The grep '(172.17.0.1)' command filters the output to display only lines containing the string (172.17.0.1), which represents the remote host in this context.
These examples demonstrate a few techniques for filtering the who command's output. You can combine these methods to retrieve the precise data you require efficiently.
Summary
In this lab exercise, we've examined the who command within the Linux operating system, a crucial utility for systemadmin tasks that presents information regarding currently logged-in users. We've learned that the who command reveals key details such as the username, the terminal in use, login timestamps, and the remote host originating the connection. We also explored various options available for the who command, allowing for customized output, like displaying detailed views, including header lines for clarity, or presenting only usernames. Moreover, we covered the who am i command, useful for displaying specific information about the currently active user.