Tracking user sessions and managing them efficiently is a core responsibility for Linux system administrators. In this post, we’ll explore two essential commands: who for monitoring active sessions and loginctl for advanced session management.
The who Command: Monitoring User Sessions
The who command is a standard Linux utility that displays details about users currently logged into the system. It gathers this information from the /var/run/utmp file, which logs active user sessions.
Basic Syntax
Default Output
When run without any options, the who command outputs:
- Username: The name of the logged-in user.
- TTY: The terminal (e.g.,
tty1orpts/0) where the user session is active. - Login Time: The date and time when the session started.
- Remote Host: The IP address or hostname for remote logins.
Useful Options for the who Command
| Option | Description |
|---|---|
-a | Displays all available session details, including idle times, PIDs, and exit codes of sessions. |
-b | Displays the last system boot time. |
-m | Shows session information for the current terminal (equivalent to who am i). |
-q | Summarizes the number of users currently logged in. |
-T | Displays whether each terminal is writable or not. |
-u | Shows idle times for logged-in users. |
Examples of Using the who Command
1. View All Active Sessions
To display all logged-in users and their session details:
Example Output:
2. Show All Session Details
To get comprehensive information, including idle times and process IDs:
Example Output:
3. Display the Last System Boot Time
To find out when the system was last booted:
Example Output:
4. Check the Current User’s Session
To view details about your current terminal:
Example Output:
5. Count the Number of Logged-In Users
To see a list of logged-in users and the total count:
Example Output:
Managing Sessions with the loginctl Command
The loginctl command is part of systemd and is a powerful tool for managing user sessions. It allows you to list, inspect, and control user sessions programmatically.
Basic Syntax
Key Commands in loginctl
| Command | Description |
|---|---|
list-sessions | Lists all active sessions on the system. |
show-session <ID> | Displays detailed information about a specific session. |
terminate-session <ID> | Terminates a specific session. |
lock-session <ID> | Locks a specific session, preventing access. |
unlock-session <ID> | Unlocks a specific session. |
Examples of Using the loginctl Command
1. List All Active Sessions
To display a list of all sessions, including user IDs and TTYs:
Example Output:
2. Show Details of a Specific Session
To inspect session 1 and get detailed metadata:
Example Output:
3. Terminate a Session
To end a session forcefully:
This command will kill all processes associated with session 2.
4. Lock a Session
To lock a session and prevent unauthorized access:
5. Unlock a Session
To unlock a previously locked session:
Technical Notes for Administrators
whoLimitations:- The
whocommand relies on/var/run/utmp. If this file is missing or corrupted, the output may be incomplete. - It does not provide details about inactive sessions or session metadata.
- The
loginctlAdvantages:- Provides detailed information about sessions, including whether they are local or remote.
- Allows granular session control, making it ideal for managing multi-user systems.
- Works seamlessly with
systemd, ensuring compatibility with modern Linux distributions.
- Best Practices:
- Regularly check active sessions (
whoorloginctl list-sessions) to ensure no unauthorized users are logged in. - Use
loginctl terminate-sessionto clean up stale or unresponsive sessions. - Monitor system logs (
journalctl) for anomalies in session management.
- Regularly check active sessions (
Conclusion
The who command is a lightweight and straightforward tool for monitoring logged-in users, while loginctl offers advanced session management capabilities in systemd-based systems. By mastering these commands, Linux administrators can ensure efficient and secure session handling.
