Administration – Checking on Users

After you have created user accounts, and let those users loose on your computer, there are several different commands you can use to keep track of how they are using your computer. Commands for checking on user activity on your Linux system that are covered in other chapters include the following:

– Use the find command to search the system for files anywhere on the system that are owned by selected users.
– Use the du command to see how much disk space has been used in selected users’ home directories.
– Use commands such as fuser, ps, and top to find out which processes users are running.

Aside from the commands just mentioned, there are commands for checking such things as who is logged into your system and getting general information about the users with accounts on your system. Here are examples of commands for getting information about people logging into your system:

List the most recent successful logins
$ last
mgsotoso pts/19 132.233.80.25 Fri Mar 6 07:40 – 08:19 (00:39)
jccamach pts/20 crilc0002.cr.int Thu Mar 5 08:16 – 10:16 (5+02:00)
jccamach pts/20 crilc0002.cr.int Thu Mar 5 07:42 – 07:43 (00:00)
mgsotoso pts/19 ecwm0mgsotoso.am Fri Feb 27 10:27 – 11:27 (01:00)
mgsotoso pts/18 ecwm0mgsotoso.am Fri Feb 27 10:25 – 11:25 (01:00)
mgsotoso pts/12 ecwm0mgsotoso.am Fri Feb 27 07:25 – 10:42 (03:17)
mgsotoso pts/18 ecwm0mgsotoso.am Thu Feb 26 11:34 – 15:58 (04:23)
mgsotoso pts/12 ecwm0mgsotoso.am Thu Feb 26 08:11 – 15:58 (07:46)
mgsotoso pts/12 ecwm0mgsotoso.am Wed Feb 25 12:04 – 16:14 (04:10)
mgsotoso pts/12 ecwm0mgsotoso.am Tue Feb 17 09:55 – 11:07 (01:11)
mgsotoso pts/12 ecwm0mgsotoso.am Tue Feb 17 09:15 – 09:54 (00:39)
mgsotoso pts/12 vpmfm-132-233-76 Fri Jan 23 19:21 – 19:39 (00:17)

Makes it easier to read the remote client hostname
$ last -a

List the most recent unsuccessful logins
$ sudo lastb
julian ssh:notty ritchie Mon Aug 6 12:28 – 12:28 (00:00)
morris ssh:notty thompson Tue Jul 31 13:08 – 13:08 (00:00)
baboon ssh:notty 10.0.0.50 Sun Jul 8 09:40 – 09:40 (00:00)
marvin ssh:notty 000db9034dce.cli Fri Jun 22 17:23 – 17:23 (00:00)

List who is currently logged in (long form)
$ who -u
greek tty3 2007-08-05 18:05 17:24 18121
jim pts/0 2007-08-06 12:29 . 20959 (server1.example.com)
root pts/3 2007-08-04 18:18 13:46 17982 (server2.example.com)
marvin pts/2 2007-07-31 23:05 old 4700 (0a0d9b34x.example.com)
giovanni pts/1 2007-08-04 15:47 old 17502 (:0.0)

List who is currently logged in (short form)
$ users
giovanni marvin greek jim root

With the last command, you can see when each user logged in (or opened a new shell) and either how long they were logged in or a note that they are “still logged in.” The tty1 and tty3 terminal lines show users working from virtual terminals on the console. The pts lines indicate a person opening a shell from a remote computer (thompson) or local X display (:0.0). We recommend you use the -a option for improved readability. The lastb command shows failed login attempts and where they are from. The who –u and users commands show information on currently logged-in users. Here are some commands for finding out more about individual users on your system:

Your identity (UID, GID and group for current shell)
$ id
uid=1000(giovanni) gid=1000(giovanni) groups=4(adm),20(dialout),24(cdrom),25(floppy),
29(audio),30(dip),44(video),46(plugdev),104(scanner),112(netdev),113(lpadmin),
115(powerdev),117(admin),1000(giovanni)

Your identity (user, tty, login date, location)
$ who am i
giovanni pts/0 Aug 3 2140 (:0.0)

User information (short)
$ finger -s giovanni
Login Name Tty Idle Login Time Office Office Phone
giovanni Giovanni Negus tty1 1d Aug 4 13:39 A-111 555-1212

User information (long)
$ finger -l giovanni
Login: giovanni Name: Giovanni Soto
Directory: /home/giovanni Shell: /bin/bash
Office: A-111, 555-1212 Home Phone: 555-2323
On since Sat Aug 4 13:39 (CDT) on tty1 2 days idle
New mail received Mon Aug 6 13:46 2007 (CDT)
Unread since Sat Aug 4 09:32 2007 (CDT)
No Plan.

Besides displaying basic information about the user (login, name, home directory, shell, and so on), the finger command will also display any information stored in special files in the user’s home directory. For example, the contents of the user’s ~/.plan and ~/.project files, if those files exist, are displayed at the end of the finger output. With a one-line .project file and multi-line .plan file, output could appear as follows:

User information (long, .project and .plan files)
$ finger -l giovanni

Project:
My project is to take over the world.
Plan:
My grand plan is
to take over the world
by installing Linux on every computer

Advertisements

About msotela

This blog is for anyone who wants to access the power of a Linux system as a systems administrator or user. You may be a Linux enthusiast, a Linux professional, or possibly a computer professional who is increasingly finding the Windows systems in your data center supplanted by Linux boxes.

Posted on September 23, 2009, in Unix/Linux. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: