Linux rwho Command with Practical Examples

Introduction

In this lab, you will learn about the Linux rwho command, which is used to display information about users currently logged in to the local and remote systems on the local network. The lab covers understanding the rwho command, exploring its output, and utilizing it for user monitoring. The rwho command is part of the rwhod service, which periodically broadcasts information about logged-in users. You will learn how to interpret the output of the rwho command and use it to monitor user activity on your network.

Linux Commands Cheat Sheet

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("`Linux`")) -.-> linux/PackagesandSoftwaresGroup(["`Packages and Softwares`"]) linux/PackagesandSoftwaresGroup -.-> linux/software("`Linux Software`") subgraph Lab Skills linux/software -.-> lab-422899{{"`Linux rwho Command with Practical Examples`"}} end

Understand the rwho Command

In this step, you will learn about the rwho command in Linux, which is used to display information about users currently logged in to the local and remote systems on the local network.

The rwho command is part of the rwhod service, which is a daemon that periodically broadcasts information about the users currently logged in to the local and remote systems on the local network. The rwho command retrieves this information and displays it in a readable format.

To use the rwho command, simply run the following command in your terminal:

$ rwho

Example output:

User     tty    host    login@       idle    where
labex    pts/0  host1   10:15        0:01    host1
john     pts/1  host2   09:30        1:25    host2
jane     pts/2  host3   11:45        0:10    host3

The output of the rwho command displays the following information:

User: The username of the logged-in user.
tty: The terminal device the user is logged in to.
host: The hostname of the remote system the user is logged in to.
login@: The time the user logged in.
idle: The amount of time the user has been idle (no keyboard activity).
where: The location of the user's terminal.

The rwho command can be useful for monitoring the activity of users on your network, as well as for troubleshooting issues related to user logins and remote access.

Explore the Output of the rwho Command

In this step, you will explore the output of the rwho command in more detail, and learn how to interpret the information it provides.

Let's start by running the rwho command again:

$ rwho

Example output:

User     tty    host    login@       idle    where
labex    pts/0  host1   10:15        0:01    host1
john     pts/1  host2   09:30        1:25    host2
jane     pts/2  host3   11:45        0:10    host3

As you can see, the output provides information about the users currently logged in to the local and remote systems on the network. Let's break down the different fields:

User: This column displays the username of the logged-in user.
tty: This column shows the terminal device the user is logged in to.
host: This column displays the hostname of the remote system the user is logged in to.
login@: This column shows the time the user logged in.
idle: This column displays the amount of time the user has been idle (no keyboard activity).
where: This column shows the location of the user's terminal.

You can use this information to monitor the activity of users on your network, and to identify any potential issues or unusual behavior.

For example, you might notice that a user has been idle for a long time, or that a user is logged in to a remote system that they don't normally access. This could indicate a potential security issue or a problem with the user's workflow.

Utilize the rwho Command for User Monitoring

In this step, you will learn how to utilize the rwho command for user monitoring and system management.

One common use case for the rwho command is to monitor user activity on your network. You can use the rwho command to regularly check which users are currently logged in, and how long they have been idle.

Let's try this out by running the rwho command in a loop:

$ while true; do rwho; sleep 5; done

This will continuously display the output of the rwho command every 5 seconds, allowing you to monitor user activity in real-time.

Example output:

User     tty    host    login@       idle    where
labex    pts/0  host1   10:15        0:01    host1
john     pts/1  host2   09:30        1:30    host2
jane     pts/2  host3   11:45        0:15    host3

You can use this information to identify any unusual user activity, such as users logging in at unusual times or staying idle for extended periods. This can be useful for detecting potential security issues or troubleshooting user-related problems.

Another way to utilize the rwho command is to integrate it into your system monitoring and automation workflows. For example, you could write a script that periodically checks the rwho output and sends an alert if it detects any suspicious user activity.

By understanding and utilizing the rwho command, you can enhance your ability to monitor and manage user activity on your Linux systems.

Summary

In this lab, you learned about the rwho command in Linux, which is used to display information about users currently logged in to the local and remote systems on the local network. You explored the output of the rwho command, which provides details such as the username, terminal device, hostname, login time, idle time, and location of the user's terminal. This information can be useful for monitoring user activity and troubleshooting issues related to user logins and remote access.

Linux Commands Cheat Sheet

Linux rwho Command with Practical Examples

Introduction

Skills Graph

Understand the rwho Command

Explore the Output of the rwho Command

Utilize the rwho Command for User Monitoring

Summary

Other Linux Tutorials you may like