In this guide, I will show you how to find who is logged on the Linux system.

As a Linux administrator, you need to check who is logged into the system. It can be done in many ways. I will show you, how to check this in the Linux system.

Command «w»

w displays information about the users currently on the machine, and
their processes.

The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

User – Displays the name of the user currently logged in the system.
TTY – The Terminal number of a user.
FROM – The IP Address of user.
LOGIN@ – Login Time of a user.
IDLE – The Free time after the execution of the last command performed by a user.
JCPU – The JCPU time is the time used by all processes attached to the tty.
PCPU – The PCPU time is the time used by the current process, named in the “what” field.
WHAT – Current process executed by a user.

Command «who»

who command output contains the following values such as login user name, tty number, date & time, and remote host.

Command «whoami»

whoami — displays the username of the current user. whoami with space (who am i) that will give you more details compared with whoami.

Command «users»

users command prints the usernames of users currently logged in to the current host.

Command «last»

last command show list of last logged in users and it shows system reboot information.


You can get the list of logged-in users from authentication logs.
User authentication logs are located at /var/log/secure for RHEL based systems and /var/log/auth.log for Debian based systems.