Header Ads

Breaking News

How to assess user activity in Linux

If you’re managing a Linux server, it’s good to be ready with a number of commands that you can use to check user activity – when your users are logging in and how often, what groups they belong to, how much disk space they’re consuming, what command they’re running, how much disk space they’re occupying, if they’re reading their mail and more.

In this post, we’ll look at a number of commands that can help you understand who your user are and how they work.


One handy command for getting a user profile is finger. It allows you to see who is logged in or focus on a single user to view their last login, where they logged in from, how long they’ve been idle (how long since they ran a command), etc. In this command, we are looking at the user nemo.

$ finger nemo
Login: nemo                             Name: Nemo Demo
Directory: /home/nemo                   Shell: /bin/bash
On since Fri Jun 19 12:58 (EDT) on pts/1 from
   7 minutes 47 seconds idle
New mail received Wed Jun 17 18:31 2020 (EDT)
     Unread since Sat Jun 13 18:03 2020 (EDT)
No Plan.

We can see nemo’s full name, home directory and shell. We can also see nemo’s most recent login and email activity. Office, office phone and home phone numbers are only included if they are defined in the /etc/passwd file in the full name field. For example:

nemo:x:1001:1001:Nemo Demo,11,540-222-2222,540-333-3333:/home/nemo:/bin/bash).

The output above also indicates that nemo doesn’t have a “plan”, but this just means that he hasn’t created a .plan file and put some text into it; this is not at all unusual.

Without arguments, finger will display a list of current logins in the format shown below. You can see when they logged in, the IP address they logged in from, the pseudo terminal in use (e.g., pts/1) and how long they’ve been idle.

Copyright © 2020 IDG Communications, Inc.

Source Link

No comments