Linux Command: Who logged in?

Updated: Apr 4

Linux is a multi-user system. It is always important to know who has logged into your Linux box. This isn't just to help track the activities of malicious users, but mostly to figure out who made the mistake that crashed the system. We collect 6 Linux commands for this task.

6 ways to check who logged in Linux system?

  • w - w command shows who’s logged on and what they are doing. It displays information about current users on the machine by reading the file /var/run/utmp, and their processes /proc.

  • who - The who command prints information about all users who are currently logged in. It reads from a default file location (usually /var/run/utmp).

  • whoami - The whoami command shows you which user account you're logged in to from a terminal window.

  • id - The id command Print user and group information for the specified username

  • last - The last command shows list of last logged in users by searching the data from /var/log/wtmp file. Also it shows system reboot information.

  • tail -f /var/log/secure - It is mainly used to track the usage of authorization systems.It stores all security related messages including authentication failures.It also tracks sudo logins, SSH logins and other errors logged by system security services daemon.