As a Linux system administrator, understanding user identity and system utilization is critical. Three simple yet powerful commands provide insight into who is logged on and what processes they are running – "who", "w", and "whoami". In this comprehensive guide, we‘ll explore the purpose, syntax, and output of each.
The "who" Command: User Identity and Login Status
The "who" command displays information about users currently logged into the system. With various options, it reveals user names, login times, terminals, hostnames, and more.
At its simplest, running just "who" prints out one line per user with their name, terminal, login time/date, and hostname if applicable:
$ who
jsmith pts/1 2023-02-11 15:03 (10.10.0.100)
bgates pts/2 2023-02-11 14:22 (server01)
This quickly shows who is on the system and how they connected. Now let‘s explore some useful options:
Display Message Status with "-T"
The "-T" flag adds a column showing if a user has new messages waiting:
$ who -T
jsmith pts/1 2023-02-11 15:03 (10.10.0.100) +
bgates pts/2 2023-02-11 14:22 (server01) -
The "+" and "-" indicate messages are present or not.
See Last System Boot with "-b"
To print when the system was last booted, use "-b":
$ who -b
system boot 2023-02-11 13:45
This can confirm uptime or spot unexpected restarts.
Check Run Level with "-r"
Run levels control which services are active. Verify the current level with "-r":
$ who -r
run-level 3 2023-02-11 15:10
Now you can check if settings match expectations.
Count Logged In Users with "-q"
For a quick user count, -q
adds a summary:
$ who -q
2 users + 1 inactive = 3 (UNIX:2)
It quantifies current logins versus past inactive sessions.
As demonstrated above, "who" offers several handy options to inspect user connections and system state. Next, we‘ll look at gathering even more detailed activity data with "w".
The "w" Command: User Activity and Process Info
While "who" shows who is on the system, "w" reveals what those users are actually doing. For every active terminal, it prints:
- User name
- Terminal
- Login time
- Current process and status
- CPU utilization
- And more
Below is sample output:
$ w
15:22:16 up 21:45, 2 users, load average: 0.05, 0.02, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
jsmith pts/1 10.10.0.100 14:29 2:12 0.07s 0.07s vim report.txt
bgates pts/2 server01 15:15 3.00s 0.08s 0.04s top
Let‘s break this down field-by-field:
- Idle – How long since user input, revealing active vs idle terminals
- JCPU – Total CPU seconds used by all processes attached to the terminal session
- PCPU – CPU seconds consumed by the currently running process
- What – The active foreground process name and arguments
As shown above, "w" provides tremendous insight into how users are utilizing the system moment to moment.
Additionally, the first line reveals overall utilization – uptime, user count, and load averages for 1, 5, and 15 minute periods. This delivers a system health snapshot alongside the per-user activity data.
In summary, if you need in-depth visibility into current terminal sessions and process execution, "w" is invaluable.
Now let‘s look at quickly confirming the active user‘s identity with "whoami".
The "whoami" Command: Show Effective User Identity
In Linux, users can switch identities with the "su" command. Plus, scripts and programs may run on behalf of other users. How can you check the effective user context after these changes?
The "whoami" command prints the current user name to standard output. No matter how an interactive shell or process was launched, it reveals who you are acting as at that moment:
$ whoami
jsmith
Unlike "who" which shows all logged in users, "whoami" answers the question – "what is my username right now?".
This is useful in scripts that escalate privileges or run commands as other users:
sudo su - adminuser -c ‘echo "Now running as"; whoami‘
Now running as
adminuser
Or to validate if an environment variable switch took effect:
$ SUDO_USER=jdoe whoami
jdoe
Outside of scripts, manually launched root shells can also be verified:
$ sudo su -
# whoami
root
So despite changes via "su", "sudo", "runuser", or other methods, "whoami" will always print the user that current shell or process is actually executing under.
Additional "whoami" Options
"whoami" supports two simple yet useful options:
- –help – Prints usage instructions
- –version – Displays software version for troubleshooting
Conclusion
While consisting of only one word, "whoami" delivers an important piece of data – the actively running user identity. Use this command to validate context changes, script users, or debug unexpected permissions.
Now that we‘ve covered "who", "w", and "whoami" individually, let‘s discuss how to use them together for even greater insight.
Combining Commands for More User Intelligence
In isolation, "who", "w", and "whoami" provide user, process and system intelligence. But UNIX philosophy espouses combining simple programs for even more powerful results. What extra visibility do we gain by chaining these commands?
Link Usernames to Processes
Take the earlier "w" output showing running processes:
$ w
[...]
bgates pts/2 server01 15:15 3.00s 0.08s 0.04s top
We see user "bgates" is consuming CPU time by running "top", but what exact process ID owns that "top"? Without the PID, we cannot further inspect resource usage per thread, watch detailed statistics, send signals, and so on.
Fortunately, we can pair "w" with "whoami" to expose the PID:
$ w -h | awk ‘{print $1, $7, whoami "--" $1 "-l" }‘
bgates pts/2 15:15:21 bgates pts/2 2023-02-11 15:15 08943
Here‘s what this does:
w -h
prints the header row plus per-user detailawk
selects the username, terminal, and process start time fieldswhoami "--" $1 "-l"
adds the PID using the stored username
Now every running process is linked to the exact PID owned by that user!
Tracking PIDs then allows further process management, statistics gathering, and troubleshooting.
Show User Messages
Earlier we saw "who -T" displaying message indicators per logged in user. But what if you actually wanted to read those messages?
Once again we can augment the base "who" to provide more context:
$ for i in $(who | awk ‘{print $1}‘); do echo $i; sudo -u $i cat /var/spool/mail/$i; done
Breaking this down:
who
collects logged in usernamesfor
loops through each usersudo -u
temporarily becomes that usercat /var/spool/mail
prints any messages
Rather than just a +/- flag whether messages exist, now admins can actually read notification content to understand issues.
Conclusion: Greater Insights via Composition
While already powerful, wrapping "who", "w", "whoami" in scripts unlocks even more targeted visibility. Following the UNIX philosophy of simplicity and composability leads to some incredibly versatile user, resource, and process intelligence tools.
Summary
This concludes our deep dive on the Linux "who", "w", and "whoami" commands. We explored the purpose, common options, sample outputs, and contextual pairing of each. Key takeaways include:
- who – Shows logged in users and login metadata like terminals and hostnames
- w – Prints per-user activity data like processes, CPU utilization, idle status
- whoami – Reveals the effective user identity an interactive shell or process is running as
- Combining commands – Allows tracking PIDs, reading user messages, and gaining additional system visibility
These simple yet immensely useful Linux tools offer tremendous visibility into user sessions, resource utilization, and process execution. Mastering "who", "w", and "whoami" unlocks both targeted troubleshooting and high-level system health insights. Whether you‘re assessing performance, monitoring activity, or debugging issues, keep these commands in mind.