As a Linux system administrator, understanding user identity and system utilization is critical. Three simple yet powerful commands provide insight into who is logged on and what processes they are running – "who", "w", and "whoami". In this comprehensive guide, we‘ll explore the purpose, syntax, and output of each.

The "who" Command: User Identity and Login Status

The "who" command displays information about users currently logged into the system. With various options, it reveals user names, login times, terminals, hostnames, and more.

At its simplest, running just "who" prints out one line per user with their name, terminal, login time/date, and hostname if applicable:

$ who
jsmith pts/1 2023-02-11 15:03 (10.10.0.100)
bgates pts/2 2023-02-11 14:22 (server01)

This quickly shows who is on the system and how they connected. Now let‘s explore some useful options:

Display Message Status with "-T"

The "-T" flag adds a column showing if a user has new messages waiting:

$ who -T
jsmith pts/1 2023-02-11 15:03 (10.10.0.100) +
bgates pts/2 2023-02-11 14:22 (server01) -

The "+" and "-" indicate messages are present or not.

See Last System Boot with "-b"

To print when the system was last booted, use "-b":

$ who -b
         system boot  2023-02-11 13:45

This can confirm uptime or spot unexpected restarts.

Check Run Level with "-r"

Run levels control which services are active. Verify the current level with "-r":

$ who -r
run-level 3  2023-02-11 15:10

Now you can check if settings match expectations.

Count Logged In Users with "-q"

For a quick user count, -q adds a summary:

$ who -q
2 users  + 1 inactive       =     3 (UNIX:2)

It quantifies current logins versus past inactive sessions.

As demonstrated above, "who" offers several handy options to inspect user connections and system state. Next, we‘ll look at gathering even more detailed activity data with "w".

The "w" Command: User Activity and Process Info

While "who" shows who is on the system, "w" reveals what those users are actually doing. For every active terminal, it prints:

  • User name
  • Terminal
  • Login time
  • Current process and status
  • CPU utilization
  • And more

Below is sample output:

$ w
 15:22:16 up 21:45,  2 users,  load average: 0.05, 0.02, 0.01
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
jsmith   pts/1    10.10.0.100     14:29    2:12   0.07s  0.07s vim report.txt
bgates   pts/2    server01        15:15    3.00s  0.08s  0.04s top

Let‘s break this down field-by-field:

  • Idle – How long since user input, revealing active vs idle terminals
  • JCPU – Total CPU seconds used by all processes attached to the terminal session
  • PCPU – CPU seconds consumed by the currently running process
  • What – The active foreground process name and arguments

As shown above, "w" provides tremendous insight into how users are utilizing the system moment to moment.

Additionally, the first line reveals overall utilization – uptime, user count, and load averages for 1, 5, and 15 minute periods. This delivers a system health snapshot alongside the per-user activity data.

In summary, if you need in-depth visibility into current terminal sessions and process execution, "w" is invaluable.

Now let‘s look at quickly confirming the active user‘s identity with "whoami".

The "whoami" Command: Show Effective User Identity

In Linux, users can switch identities with the "su" command. Plus, scripts and programs may run on behalf of other users. How can you check the effective user context after these changes?

The "whoami" command prints the current user name to standard output. No matter how an interactive shell or process was launched, it reveals who you are acting as at that moment:

$ whoami
jsmith

Unlike "who" which shows all logged in users, "whoami" answers the question – "what is my username right now?".

This is useful in scripts that escalate privileges or run commands as other users:

sudo su - adminuser -c ‘echo "Now running as"; whoami‘ 
Now running as
adminuser

Or to validate if an environment variable switch took effect:

$ SUDO_USER=jdoe whoami 
jdoe

Outside of scripts, manually launched root shells can also be verified:

$ sudo su - 
# whoami
root

So despite changes via "su", "sudo", "runuser", or other methods, "whoami" will always print the user that current shell or process is actually executing under.

Additional "whoami" Options

"whoami" supports two simple yet useful options:

  • –help – Prints usage instructions
  • –version – Displays software version for troubleshooting

Conclusion

While consisting of only one word, "whoami" delivers an important piece of data – the actively running user identity. Use this command to validate context changes, script users, or debug unexpected permissions.

Now that we‘ve covered "who", "w", and "whoami" individually, let‘s discuss how to use them together for even greater insight.

Combining Commands for More User Intelligence

In isolation, "who", "w", and "whoami" provide user, process and system intelligence. But UNIX philosophy espouses combining simple programs for even more powerful results. What extra visibility do we gain by chaining these commands?

Link Usernames to Processes

Take the earlier "w" output showing running processes:

$ w
[...]  
bgates pts/2    server01        15:15    3.00s  0.08s  0.04s top

We see user "bgates" is consuming CPU time by running "top", but what exact process ID owns that "top"? Without the PID, we cannot further inspect resource usage per thread, watch detailed statistics, send signals, and so on.

Fortunately, we can pair "w" with "whoami" to expose the PID:

$ w -h | awk ‘{print $1, $7, whoami "--" $1 "-l" }‘

bgates pts/2 15:15:21 bgates pts/2 2023-02-11 15:15 08943

Here‘s what this does:

  • w -h prints the header row plus per-user detail
  • awk selects the username, terminal, and process start time fields
  • whoami "--" $1 "-l" adds the PID using the stored username

Now every running process is linked to the exact PID owned by that user!

Tracking PIDs then allows further process management, statistics gathering, and troubleshooting.

Show User Messages

Earlier we saw "who -T" displaying message indicators per logged in user. But what if you actually wanted to read those messages?

Once again we can augment the base "who" to provide more context:

$ for i in $(who | awk ‘{print $1}‘); do echo $i; sudo -u $i cat /var/spool/mail/$i; done

Breaking this down:

  • who collects logged in usernames
  • for loops through each user
  • sudo -u temporarily becomes that user
  • cat /var/spool/mail prints any messages

Rather than just a +/- flag whether messages exist, now admins can actually read notification content to understand issues.

Conclusion: Greater Insights via Composition

While already powerful, wrapping "who", "w", "whoami" in scripts unlocks even more targeted visibility. Following the UNIX philosophy of simplicity and composability leads to some incredibly versatile user, resource, and process intelligence tools.

Summary

This concludes our deep dive on the Linux "who", "w", and "whoami" commands. We explored the purpose, common options, sample outputs, and contextual pairing of each. Key takeaways include:

  • who – Shows logged in users and login metadata like terminals and hostnames
  • w – Prints per-user activity data like processes, CPU utilization, idle status
  • whoami – Reveals the effective user identity an interactive shell or process is running as
  • Combining commands – Allows tracking PIDs, reading user messages, and gaining additional system visibility

These simple yet immensely useful Linux tools offer tremendous visibility into user sessions, resource utilization, and process execution. Mastering "who", "w", and "whoami" unlocks both targeted troubleshooting and high-level system health insights. Whether you‘re assessing performance, monitoring activity, or debugging issues, keep these commands in mind.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *