5.1 Basic Security and Identifying User Types (Weight: 2)
📘Linux Essentials (LPI 010-160)
In a Linux system, administrators and users often need to check who is currently logged in and what privileges they have. This is important for system monitoring, troubleshooting, and security.
Linux provides several commands that allow users to:
- See which users are currently logged in
- View login sessions and activity
- Identify user privileges
- Determine which user is executing commands
- Verify whether a user has administrative permissions
Understanding these commands is important for the Linux Essentials exam, because they help identify user types and monitor system usage.
1. Viewing Logged-In Users
Linux systems can have multiple users logged in at the same time. This is common on:
- Multi-user servers
- Remote systems accessed through SSH
- Systems where multiple terminals or graphical sessions are open
Several commands display information about currently logged-in users.
2. The who Command
The who command shows a list of users currently logged into the system.
Syntax
who
Example Output
user1 pts/0 2026-03-15 10:15
admin pts/1 2026-03-15 10:20
Information Displayed
The output usually includes:
| Column | Meaning |
|---|---|
| Username | The account currently logged in |
| Terminal | The terminal session used |
| Login Time | When the user logged in |
Example in an IT Environment
On a Linux server, an administrator can run who to see which engineers or administrators are currently connected to the server.
3. The w Command
The w command shows logged-in users and their activity.
Syntax
w
Example Output
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
admin pts/0 192.168.1.5 10:10 1:20 0.05s 0.02s bash
user1 pts/1 192.168.1.8 10:12 0.10s 0.03s 0.01s vim
Information Provided
| Field | Meaning |
|---|---|
| USER | Logged-in username |
| TTY | Terminal session |
| FROM | Remote system address |
| LOGIN@ | Login time |
| IDLE | Time since last activity |
| WHAT | Current command being used |
Why It Is Useful
System administrators can check:
- Which users are connected
- What commands they are running
- Whether sessions are active or idle
4. The users Command
The users command shows a simple list of currently logged-in users.
Syntax
users
Example Output
admin user1 user2
Key Points
- Shows only usernames
- No extra details
- Quick way to see who is logged in
5. The whoami Command
The whoami command displays the username of the account that is executing the command.
Syntax
whoami
Example Output
admin
Why This Is Important
Sometimes a user may switch accounts using commands like sudo or su.
Running whoami confirms which user account is currently active.
6. The id Command
The id command shows detailed information about a user’s identity and privileges.
Syntax
id
Example Output
uid=1000(user1) gid=1000(user1) groups=1000(user1),27(sudo)
Information Explained
| Field | Meaning |
|---|---|
| UID | User ID number |
| GID | Primary group ID |
| Groups | All groups the user belongs to |
Why This Matters
Linux uses UIDs and groups to control permissions.
If a user belongs to the sudo group, they may have administrative privileges.
7. Viewing the Current Login Name (logname)
The logname command shows the name of the user who originally logged into the session.
Syntax
logname
Example Output
user1
This command is useful when users switch accounts, because it shows the original login account.
8. Viewing Login History (last)
The last command displays previous login sessions from the system log.
Syntax
last
Example Output
user1 pts/0 192.168.1.10 Sun Mar 15 09:00 - 10:00
admin pts/1 192.168.1.11 Sun Mar 15 08:30 - 09:30
Information Displayed
- Username
- Terminal
- Remote host
- Login time
- Logout time
IT Usage
System administrators can use this command to:
- Investigate login activity
- Identify previous sessions
- Detect unauthorized logins
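One way to review login history for unexpected sources, as an added example that is not part of the original guide: the function below reads last-style output and prints remote sessions whose source address is not on an allow list. The function name, the allow list and the extra sample lines are constructed for illustration, and the parsing assumes the column layout shown above.

```shell
#!/bin/sh
# Added example: flag remote logins in `last`-style output whose source
# address is not on an allow list.

# Constructed sample: the two lines shown above plus constructed extras
# (an unlisted address, a local console login, a boot record, the trailer).
SAMPLE_LAST='user1 pts/0 192.168.1.10 Sun Mar 15 09:00 - 10:00
admin pts/1 192.168.1.11 Sun Mar 15 08:30 - 09:30
admin pts/2 203.0.113.7 Sun Mar 15 03:12 - 03:40
user2 tty1 Sun Mar 15 07:55 - 08:05
reboot system boot 6.1.0 Sun Mar 15 07:50

wtmp begins Sun Mar  1 00:00:00 2026'

# unexpected_logins "HOST1 HOST2 ..."   (reads `last` output on stdin)
# Prints "user tty host" for each remote session from an unlisted host.
unexpected_logins() {
    awk -v allowed="$1" '
        BEGIN {
            # Build a lookup table from the space-separated allow list.
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        NF == 0                            { next }  # blank separator line
        $1 == "reboot" || $1 == "shutdown" { next }  # system records
        $1 == "wtmp"                       { next }  # "wtmp begins ..." trailer
        # With no remote host the weekday moves into column 3: local login.
        $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { next }
        !($3 in ok)                        { print $1, $2, $3 }
    '
}

# Review the constructed sample against two known admin workstations.
printf '%s\n' "$SAMPLE_LAST" | unexpected_logins "192.168.1.10 192.168.1.11"
```

On a live system the same function can be fed directly with `last | unexpected_logins "..."`.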
9. Understanding User Privileges
Linux uses permissions and privileges to control what users can do.
Privileges determine whether a user can:
- Install software
- Modify system files
- Manage other users
- Restart services
Privileges are controlled using:
- User IDs (UID)
- Group memberships
- Administrative permissions
10. Checking Administrative Privileges
Administrative privileges are usually given through the sudo system.
To check if a user has sudo privileges:
Command
sudo -l
Example Output
User admin may run the following commands:
(ALL : ALL) ALL
This means the user can run commands with administrator privileges.
11. Understanding Root Privileges
The root user has full administrative access.
To confirm if the current user is root:
Command
whoami
If the output is:
root
The user has full system privileges.
Another method:
id
If the output shows:
uid=0(root)
The account is the root user.
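The checks from sections 6, 10 and 11 combined into one function, as an added example that is not part of the original guide: it classifies an account from a line of id output as root, admin or regular. The function name and sample lines are constructed, and the admin group name defaults to sudo as an assumption (pass another name as the second argument).

```shell
#!/bin/sh
# Added example: classify an account from one line of `id` output.

# Constructed sample lines in the format shown in section 6.
SAMPLE_USER='uid=1000(user1) gid=1000(user1) groups=1000(user1),27(sudo)'
SAMPLE_ROOT='uid=0(root) gid=0(root) groups=0(root)'
SAMPLE_PLAIN='uid=1001(user2) gid=1001(user2) groups=1001(user2),1002(nosudo)'

# classify_id LINE [ADMIN_GROUP]
# Prints "root", "admin" or "regular".
classify_id() {
    line=$1
    admin_group=${2:-sudo}   # assumption: the admin group is named "sudo"

    # Numeric UID: the text between "uid=" and the first "(".
    uid=${line#uid=}
    uid=${uid%%\(*}
    if [ "$uid" = "0" ]; then   # decide on the UID, not on the account name
        echo root
        return 0
    fi

    # Group list: everything after "groups=", one "gid(name)" per comma.
    case $line in
        *groups=*) groups=${line##*groups=} ;;
        *)         groups= ;;
    esac

    # Compare whole group names so that "nosudo" does not match "sudo".
    old_ifs=$IFS; IFS=,
    for entry in $groups; do
        name=${entry#*\(}
        name=${name%%\)*}    # also drops any trailing text after the name
        if [ "$name" = "$admin_group" ]; then
            IFS=$old_ifs
            echo admin
            return 0
        fi
    done
    IFS=$old_ifs
    echo regular
}

# Classify the account running this script.
classify_id "$(id)"
```

Group membership is only a hint; sudo -l remains the check for what the account may actually run.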
12. Viewing Logged-In Terminals
Each logged-in user is connected through a terminal session.
Common terminal types include:
| Terminal | Description |
|---|---|
| tty | Physical console |
| pts | Remote terminal (SSH or terminal emulator) |
Example:
pts/0
pts/1
These indicate remote or virtual terminal sessions.
13. Why Monitoring Logged-In Users Is Important
Viewing logged-in users helps administrators:
Security Monitoring
Detect unauthorized users or suspicious sessions.
System Administration
Check whether administrators are currently working on a system.
Resource Management
Identify users consuming system resources.
Troubleshooting
Determine whether a user’s session is active or disconnected.
14. Summary of Important Commands
| Command | Purpose |
|---|---|
| who | Shows logged-in users and login time |
| w | Displays logged-in users and their activity |
| users | Lists usernames currently logged in |
| whoami | Displays current username |
| id | Shows UID, GID, and group membership |
| logname | Displays original login username |
| last | Shows login history |
| sudo -l | Displays user sudo privileges |
15. Key Exam Points (Linux Essentials)
For the Linux Essentials exam, remember the following:
- Linux is a multi-user system.
- Administrators must be able to view logged-in users.
- Important commands include who, w, users, whoami, id, and last.
- UID 0 always represents the root user.
- Group membership determines many user privileges.
- Users with sudo privileges can execute administrative commands.
- Monitoring logged-in users is essential for security and system management.
