If you have a linux server, It is absolutely necessary to know how to check the users that are logged in to your system and what they are doing. To do that, you have to get yourself familiar with number of different linux commands. In this guide, we will show you how to identify the user accounts on a linux system using commands like whoami, id, and more.


First of all, you need to check the username that you have used to log in. We can use the following command to see our username


As you can see, The whoami command tells you your username.


The who command will give you information about who is logged on the system.



The w command shows you who is logged on and what they are doing.



The id command will give you your user id, primary group id, and a list of the groups that


On RHEL/CentOS you will also get SELinux context information with this command.


Finger is another useful command that we can use to monitor the logged in users. It can also show how long they’ve been idle (how long since they ran a command), etc. In this command, we are looking at the user root.

#finger rd

We can see rd’s full name, home directory and shell. We can also see rd’s most recent login and email activity. Office, office phone and home phone numbers are only included if they are defined in the /etc/passwd file in the full name field.


You can yank information from the /var/log/auth.log file with commands like grep. To show the most recent login activity using auth.log data, you can run a command like this one:

#grep “New session” /var/log/auth.log

The following two tabs change content below.
Ruwantha Nissanka is a Professional Cyber Security Engineer from Sri lanka with having a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others and he likes to help, encourage people and make them feel good.