users Command

Display the usernames of all users currently logged into the system in a simple, space-separated format.

Syntax

users [OPTION]... [FILE]

The users command reads the system's utmp file to display currently logged-in users, showing each username once per login session.

Common Options

Option Description
--help Display help information
--version Show version information
FILE Read from specified file instead of /var/run/utmp

Basic Usage

Display current users

# Show all logged-in users users # Output: alice bob charlie alice # Users command with no options users # Check if any users are logged in users || echo "No users logged in"

Basic usage to display currently logged-in users

Understanding the output

# Example output explanation users # Output: root john john mary # This means: # - root is logged in once # - john is logged in twice (two sessions) # - mary is logged in once # Compare with who command for details who # Shows detailed information about each session

Understand what the users output represents

Processing users output

# Count total login sessions users | wc -w # Count unique users users | tr ' ' '\n' | sort -u | wc -l # List unique users users | tr ' ' '\n' | sort -u # Check if specific user is logged in users | grep -q "john" && echo "John is logged in"

Process and analyze users command output

Comparison with Other Commands

users vs who vs w

# users - simple username list users # Output: alice bob alice # who - detailed login information who # Output: # alice pts/0 2025-01-16 10:30 (192.168.1.100) # bob pts/1 2025-01-16 11:15 (192.168.1.101) # alice pts/2 2025-01-16 12:00 (192.168.1.100) # w - users with current activity w # Shows users, load average, and what they're doing # whoami - current user only whoami # Output: alice

Compare different user information commands

Command Comparison
users
  • Simple username list
  • Shows duplicates
  • Minimal output
  • Fast execution
who
  • Detailed login info
  • Login time
  • Terminal/IP
  • More comprehensive
w
  • Current activity
  • System load
  • Process information
  • Most detailed
whoami
  • Current user only
  • Single username
  • No session info
  • Identity check

Practical Examples

System monitoring

# Monitor user logins continuously watch -n 5 users # Check if system has users logged in if [ -n "$(users)" ]; then echo "Users are logged in: $(users)" else echo "No users logged in" fi # Count current sessions SESSION_COUNT=$(users | wc -w) echo "Current sessions: $SESSION_COUNT" # Alert if too many users USER_COUNT=$(users | tr ' ' '\n' | sort -u | wc -l) if [ $USER_COUNT -gt 5 ]; then echo "Warning: $USER_COUNT users logged in" fi

Monitor system user activity

Security monitoring

# Check for unexpected users EXPECTED_USERS="alice bob charlie" CURRENT_USERS=$(users | tr ' ' '\n' | sort -u | tr '\n' ' ') for user in $CURRENT_USERS; do if ! echo "$EXPECTED_USERS" | grep -q "$user"; then echo "Unexpected user logged in: $user" fi done # Log user activity echo "$(date): Users logged in: $(users)" >> /var/log/user-activity.log # Check for root login if users | grep -q "root"; then echo "WARNING: Root user is logged in" fi

Security monitoring and alerting

System administration

#!/bin/bash # User session monitoring script LOG_FILE="/var/log/user-sessions.log" # Function to log user activity log_users() { local timestamp=$(date '+%Y-%m-%d %H:%M:%S') local user_list=$(users) local session_count=$(echo "$user_list" | wc -w) local unique_count=$(echo "$user_list" | tr ' ' '\n' | sort -u | wc -l) echo "$timestamp - Sessions: $session_count, Unique users: $unique_count, Users: $user_list" >> "$LOG_FILE" } # Check for maintenance window maintenance_check() { local current_hour=$(date +%H) if [ $current_hour -ge 2 ] && [ $current_hour -le 4 ]; then if [ -n "$(users)" ]; then echo "Users logged in during maintenance window: $(users)" fi fi } # Run checks log_users maintenance_check # Cleanup old logs (keep 30 days) find /var/log -name "user-sessions.log*" -mtime +30 -delete

Administrative scripts for user monitoring

Scripting with users

User presence detection

#!/bin/bash # Check if specific user is logged in check_user_login() { local username="$1" if users | grep -q "\b$username\b"; then echo "$username is logged in" return 0 else echo "$username is not logged in" return 1 fi } # Usage check_user_login "alice" check_user_login "bob" # Wait for user to log in wait_for_user() { local username="$1" echo "Waiting for $username to log in..." while ! users | grep -q "\b$username\b"; do sleep 10 done echo "$username has logged in" } # Wait for all users to log out wait_for_empty_system() { echo "Waiting for all users to log out..." while [ -n "$(users)" ]; do echo "Users still logged in: $(users)" sleep 30 done echo "All users have logged out" }

Scripts for user presence detection

Session management

#!/bin/bash # Session management utilities # Count sessions per user count_user_sessions() { users | tr ' ' '\n' | sort | uniq -c | while read count user; do echo "$user: $count sessions" done } # Find users with multiple sessions find_multiple_sessions() { users | tr ' ' '\n' | sort | uniq -c | awk '$1 > 1 {print $2 " has " $1 " sessions"}' } # Generate user report user_report() { echo "=== User Session Report ===" echo "Date: $(date)" echo "Total sessions: $(users | wc -w)" echo "Unique users: $(users | tr ' ' '\n' | sort -u | wc -l)" echo echo "Sessions per user:" count_user_sessions echo echo "Multiple sessions:" find_multiple_sessions } # Run report user_report

Session management and reporting scripts

Integration with other tools

# Combine users with other commands # Show users and system load echo "Users: $(users | wc -w), Load: $(uptime | awk '{print $NF}')" # Users and memory usage echo "Users logged in: $(users | tr ' ' '\n' | sort -u | wc -l)" echo "Memory usage: $(free -h | awk '/^Mem:/ {print $3 "/" $2}')" # Users and disk usage users | tr ' ' '\n' | sort -u | while read user; do if [ -d "/home/$user" ]; then usage=$(du -sh "/home/$user" 2>/dev/null | cut -f1) echo "$user: $usage" fi done # Users and process count users | tr ' ' '\n' | sort -u | while read user; do proc_count=$(ps -u "$user" --no-headers | wc -l) echo "$user: $proc_count processes" done

Integrate users command with system monitoring

Alternative Data Sources

Using different utmp files

# Default utmp file users # Specify custom utmp file users /var/run/utmp # Use wtmp for historical data (if supported) users /var/log/wtmp # Check different utmp locations ls -la /var/run/utmp /var/log/utmp /run/utmp 2>/dev/null # Compare different sources echo "Current users (utmp): $(users)" echo "Who output: $(who | wc -l) entries"

Use different data sources with users command

Manual utmp parsing

# Alternative ways to get user information # Using who command who | awk '{print $1}' | sort # Using w command w -h | awk '{print $1}' | sort # Using ps to find login shells ps -eo user,comm | grep -E "(bash|zsh|sh)$" | awk '{print $1}' | sort -u # Using loginctl (systemd systems) loginctl list-users --no-legend | awk '{print $2}' # Check /proc for active sessions ls /proc/*/loginuid 2>/dev/null | wc -l

Alternative methods to get user login information

Troubleshooting

Common Issues
  • No output - No users currently logged in
  • Permission denied - Cannot read utmp file
  • Stale entries - utmp file may have stale data
  • Missing users - Some login methods may not update utmp
  • Duplicate entries - Multiple sessions for same user

Diagnostic commands

# Check utmp file ls -la /var/run/utmp file /var/run/utmp # Compare different user commands echo "users: $(users)" echo "who count: $(who | wc -l)" echo "w count: $(w -h | wc -l)" # Check for stale entries who -d # Show dead processes # Verify utmp integrity utmpdump /var/run/utmp | tail -10 # Check system logs journalctl -u systemd-logind | tail -10

Diagnose users command issues

System maintenance

# Clean stale utmp entries (be careful!) # This should typically be done by the system # Check utmp file size ls -lh /var/run/utmp # Backup utmp before maintenance sudo cp /var/run/utmp /var/run/utmp.backup # Force utmp cleanup (systemd systems) sudo systemctl restart systemd-logind # Check for utmp corruption utmpdump /var/run/utmp > /dev/null echo "utmp file status: $?"

Maintain utmp file integrity

Best Practices

users Command Best Practices
  • Use users for simple user presence checks in scripts
  • Combine with other commands for comprehensive monitoring
  • Handle empty output gracefully in scripts
  • Use unique user counting when needed
  • Consider alternative commands for detailed information
  • Monitor for security anomalies in user logins
  • Log user activity for audit trails
Limitations and Considerations
  • Limited information - Only shows usernames, no details
  • Duplicate entries - Same user appears multiple times
  • No timestamps - No login time information
  • utmp dependency - Relies on utmp file accuracy
  • System-specific - Behavior may vary between systems

See also