How to List All Currently Logged-In Users on Linux

administrationlinuxusers

I have a system I'm managing (running RHEL 8) that has multiple users in our small office, who log into it in various ways — locally at the console, remotely via SSH and NoMachine Workstation. When I do updates that include a new kernel, or for some other reason I need to reboot the machine, I'd like to make sure there are no currently logged-in users, so I'm not interrupting users who are running software on the machine.

So what I'd like to have is a command that lists all currently logged in users.

I've done quite a bit of searching on this topic, and the methods I've found in response to this question are simply wrong, in the sense that they provably do not work.

The commands who, w, and users do NOT list all logged-in users. As I'm writing this there are three users currently logged in to the computer in question, including myself. These commands list only one of these three (incidentally, I'm not one of them). The one user who is listed by these commands is logged in via SSH and has an open terminal. Another user who has no TTY but has several GUI applications open with their X displays piped to his laptop through SSH does not appear, and neither do I (I have a graphical login via NoMachine). In fact, who -m returns no output when I run it. I can use ps -ef to list all processes and find processes currently running for all these users.

The command last | grep 'still logged in' (suggested here) results in the same incomplete list as above (it's getting its information from the same source).

So, repeating the question — what is the definitive method to get a list of all logged in users (users who have authenticated via the normal mechanisms, and have interactive processes currently running under their user IDs) ? I'd like to do this without searching through the output of ps.

EDIT — The users on this workstation are all authenticating via LDAP, however I've verified that this is not related to the question. I have created a local user account, which also does not show up in response to who or users when logged in by the same means as described above.

Best Answer

Given the context of wanting to reboot a Linux system, I would take a multi-pronged approach.

First, disable future logins by creating an /etc/nologin file. You could leave it blank or enter informative text in there, such as:

"Logins to this system have been temporarily disabled in preparation for a server reboot, scheduled for (time and date). Please try again after (expected end time)."

Don't forget to remove /etc/nologin when you're done!

Additionally, since a reboot will clear all processes, whether they're interactive or not, I would use ps to look for processes owned by users. This will take some manual investigation to determine whether the processes are worth keeping or not, but should narrow the field some. I've hard-coded 1000 here as the value of UID_MIN from /etc/login.defs as the cutoff for "system" vs "user" UIDs. If any of your users have UIDs below 1000, you'll need to adjust that number.

ps -eo pid,uid,args | awk '$2 >= 1000'

Of course, you could adjust the ps columns to taste, perhaps to add the translated username and process start time (ps -eo pid,uid,user,start,args) or others -- just be careful to keep the ps UID and awk field in sync with each other.

To get the list of unique user names, use:

ps -eo user,uid | awk 'NR>1 && $2 >= 1000 && ++seen[$2]==1{print $1}'

Related Solutions

Linux Users – List Users Created by Current User

There is no record or log kept of which user was responsible for creating each user. Technically, all users are created by root anyway.

Bash – List logged in users (name, terminal, logintime)

Parsing the output of w is probably a better approach than who. Here are some representative data, which shows the login time:

$ who
tom      pts/1        2015-11-15 06:39 (michener:S.0)
$ w
 06:40:10 up  1:04,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
tom      pts/1    michener:S.0     06:39    2.00s  0.03s  0.00s w

Those are more widely available than finger. Since this is a classroom exercise, parsing the data is left to OP. As a hint, awk can do more than print its fields in a one-liner:

Typically, one would handle the output of w by having in the awk script a BEGIN section (to set a line-number or state).
Then, a default action for each line (just curly braces with no pattern) would increment the line number.
Using the line number, handle the first line specially (skip it in this case: OP may need the number of users for a report header, but that is not used in OP's example), and skip the line with USER.
After that, each line can be printed as OP needs. awk will quit when there is no more data; it is not necessary to know the number of users to do this.

If OP is told to use who, that has options to list more information, e.g.,

$ who -l -u
LOGIN    tty5         2015-11-15 05:36              3670 id=5
LOGIN    tty6         2015-11-15 05:36              3671 id=6
LOGIN    tty4         2015-11-15 05:36              3669 id=4
LOGIN    tty3         2015-11-15 05:36              3668 id=3
LOGIN    tty2         2015-11-15 05:36              3667 id=2
LOGIN    tty1         2015-11-15 05:36              3666 id=1
tom      pts/1        2015-11-15 06:39 00:06        5780 (michener:S.0)
tom      pts/2        2015-11-15 06:52   .          6078 (michener:S.1)

again, showing the terminal name and the login times.

Best Answer

Related Solutions

Linux Users – List Users Created by Current User

Bash – List logged in users (name, terminal, logintime)

Related Question