Tracking user sessions and managing them efficiently is a core responsibility for Linux system administrators. In this post, we’ll explore two essential commands: who for monitoring active sessions and loginctl for advanced session management.
The who Command: Monitoring User Sessions
The who command is a standard Linux utility that displays details about users currently logged into the system. It gathers this information from the /var/run/utmp file, which logs active user sessions.
Basic Syntax
who [options]
Default Output
When run without any options, the who command outputs:
- Username: The name of the logged-in user.
- TTY: The terminal (e.g., tty1 or pts/0) where the user session is active.
- Login Time: The date and time when the session started.
- Remote Host: The IP address or hostname for remote logins.
Useful Options for the who Command
| Option | Description |
|---|---|
| -a | Displays all available session details, including idle times, PIDs, and exit codes of sessions. |
| -b | Displays the last system boot time. |
| -m | Shows session information for the current terminal (equivalent to who am i). |
| -q | Summarizes the number of users currently logged in. |
| -T | Displays whether each terminal is writable or not. |
| -u | Shows idle times for logged-in users. |
Examples of Using the who Command
1. View All Active Sessions
To display all logged-in users and their session details:
who
Example Output:
user1 tty1 2024-11-29 09:15
user2 pts/0 2024-11-29 09:20
2. Show All Session Details
To get comprehensive information, including idle times and process IDs:
who -a
Example Output:
system boot 2024-11-29 08:50
user1 + tty1 2024-11-29 09:15 old 1234 id=1
user2 + pts/0 2024-11-29 09:20 . 5678 id=2
3. Display the Last System Boot Time
To find out when the system was last booted:
who -b
Example Output:
system boot 2024-11-29 08:50
4. Check the Current User’s Session
To view details about your current terminal:
who -m
Example Output:
user1 tty1 2024-11-29 09:15
5. Count the Number of Logged-In Users
To see a list of logged-in users and the total count:
who -q
Example Output:
user1 user2
# users=2
Managing Sessions with the loginctl Command
The loginctl command is part of systemd and is a powerful tool for managing user sessions. It allows you to list, inspect, and control user sessions programmatically.
Basic Syntax
loginctl [OPTIONS] COMMAND
Key Commands in loginctl
| Command | Description |
|---|---|
| list-sessions | Lists all active sessions on the system. |
| show-session <ID> | Displays detailed information about a specific session. |
| terminate-session <ID> | Terminates a specific session. |
| lock-session <ID> | Locks a specific session, preventing access. |
| unlock-session <ID> | Unlocks a specific session. |
Examples of Using the loginctl Command
1. List All Active Sessions
To display a list of all sessions, including user IDs and TTYs:
loginctl list-sessions
Example Output:
SESSION UID USER SEAT TTY
1 1000 user1 seat0 tty1
2 1001 user2 seat0 pts/0
2. Show Details of a Specific Session
To inspect session 1 and get detailed metadata:
loginctl show-session 1
Example Output:
Id=1
User=1000
Name=user1
Remote=no
Service=tty
Leader=1234
3. Terminate a Session
To end a session forcefully:
sudo loginctl terminate-session 2
This command will kill all processes associated with session 2.
4. Lock a Session
To lock a session and prevent unauthorized access (this activates the session's screen lock, so it only takes effect if the session supports one):
loginctl lock-session 1
5. Unlock a Session
To unlock a previously locked session:
loginctl unlock-session 1
Technical Notes for Administrators
- who Limitations:
  - The who command relies on /var/run/utmp. If this file is missing or corrupted, the output may be incomplete.
  - It does not provide details about inactive sessions or session metadata.
- loginctl Advantages:
  - Provides detailed information about sessions, including whether they are local or remote.
  - Allows granular session control, making it ideal for managing multi-user systems.
  - Works seamlessly with systemd, ensuring compatibility with modern Linux distributions.
- Best Practices:
  - Regularly check active sessions (who or loginctl list-sessions) to ensure no unauthorized users are logged in.
  - Use loginctl terminate-session to clean up stale or unresponsive sessions.
  - Monitor system logs (journalctl) for anomalies in session management.
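One way to automate the first best practice above, as an added example that is not part of the original post: audit_sessions reads loginctl show-session output (one blank-line-separated block per session) and reports every session whose user is not on an allowlist. The function names, the allowlist and the sample sessions (including svc-backup and 203.0.113.10) are constructed for illustration.

```bash
# Added example (not from the original post). Function names, the allowlist
# and the sample data below are assumptions made for illustration.

# Print Id/Name/Remote/RemoteHost for every session, one blank-line-separated
# block per session. Requires loginctl (systemd); not used by the offline demo.
collect_sessions() {
    loginctl list-sessions --no-legend | awk '{print $1}' | while read -r sid; do
        loginctl show-session "$sid" -p Id -p Name -p Remote -p RemoteHost
        echo
    done
}

# Read session blocks on stdin; $1 is a space-separated list of allowed users.
# Prints one line per session whose user is missing from the allowlist.
audit_sessions() {
    awk -v allowed=" $1 " '
        BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one record per session
        {
            id = name = host = ""; remote = "no"
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
                if (key == "Id") id = val
                else if (key == "Name") name = val
                else if (key == "Remote") remote = val
                else if (key == "RemoteHost") host = val
            }
            if (name == "" || index(allowed, " " name " ") == 0)
                printf "session=%s user=%s remote=%s host=%s\n",
                       id, name, remote, (host == "" ? "-" : host)
        }'
}

# Constructed sample: two expected local users and one unexpected remote login.
sample_sessions() {
    printf '%s\n' 'Id=1' 'Name=user1' 'Remote=no' '' \
                  'Id=2' 'Name=user2' 'Remote=no' '' \
                  'Id=7' 'Name=svc-backup' 'Remote=yes' 'RemoteHost=203.0.113.10'
}

# Offline demo; on a live host use: collect_sessions | audit_sessions "user1 user2"
sample_sessions | audit_sessions "user1 user2"
# Output: session=7 user=svc-backup remote=yes host=203.0.113.10
```

Run from cron or a systemd timer, any output line is a session to investigate before reaching for loginctl terminate-session.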
Conclusion
The who command is a lightweight and straightforward tool for monitoring logged-in users, while loginctl offers advanced session management capabilities in systemd-based systems. By mastering these commands, Linux administrators can ensure efficient and secure session handling.