Parsing the output of w
is probably a better approach than who
. Here are some representative data, which shows the login time:
$ who
tom pts/1 2015-11-15 06:39 (michener:S.0)
$ w
06:40:10 up 1:04, 1 user, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tom pts/1 michener:S.0 06:39 2.00s 0.03s 0.00s w
Those are more widely available than finger
. Since this is a classroom exercise, parsing the data is left to OP. As a hint, awk can do more than print its fields in a one-liner:
- Typically, one would handle the output of
w
by having in the awk script a BEGIN
section (to set a line-number or state).
- Then, a default action for each line (just curly braces with no pattern) would increment the line number.
- Using the line number, handle the first line specially (skip it in this case: OP may need the number of users for a report header, but that is not used in OP's example), and skip the line with
USER
.
- After that, each line can be printed as OP needs.
awk
will quit when there is no more data; it is not necessary to know the number of users to do this.
If OP is told to use who
, that has options to list more information, e.g.,
$ who -l -u
LOGIN tty5 2015-11-15 05:36 3670 id=5
LOGIN tty6 2015-11-15 05:36 3671 id=6
LOGIN tty4 2015-11-15 05:36 3669 id=4
LOGIN tty3 2015-11-15 05:36 3668 id=3
LOGIN tty2 2015-11-15 05:36 3667 id=2
LOGIN tty1 2015-11-15 05:36 3666 id=1
tom pts/1 2015-11-15 06:39 00:06 5780 (michener:S.0)
tom pts/2 2015-11-15 06:52 . 6078 (michener:S.1)
again, showing the terminal name and the login times.
Given the context of wanting to reboot a Linux system, I would take a multi-pronged approach.
First, disable future logins by creating an /etc/nologin
file. You could leave it blank or enter informative text in there, such as:
"Logins to this system have been temporarily disabled in preparation for a server reboot, scheduled for (time and date). Please try again after (expected end time)."
Don't forget to remove /etc/nologin when you're done!
Additionally, since a reboot will clear all processes, whether they're interactive or not, I would use ps
to look for processes owned by users. This will take some manual investigation to determine whether the processes are worth keeping or not, but should narrow the field some. I've hard-coded 1000 here as the value of UID_MIN from /etc/login.defs as the cutoff for "system" vs "user" UIDs. If any of your users have UIDs below 1000, you'll need to adjust that number.
ps -eo pid,uid,args | awk '$2 >= 1000'
Of course, you could adjust the ps
columns to taste, perhaps to add the translated username and process start time (ps -eo pid,uid,user,start,args
) or others -- just be careful to keep the ps
UID and awk
field in sync with each other.
To get the list of unique user names, use:
ps -eo user,uid | awk 'NR>1 && $2 >= 1000 && ++seen[$2]==1{print $1}'
Best Answer
There is no record or log kept of which user was responsible for creating each user. Technically, all users are created by
root
anyway.