With these two options, you can get more information about the users now logged in. The headers displayed with the -H option are NAME, LINE, TIME, IDLE, PID, and COMMENTS. Table 19.5 explains the terms appearing in the heading.

---

NOTE:  You probably won’t see the COMMENT field filled in very often in any recent Linux systems. In the old days, processes that let you log in to UNIX (getty or uugetty) were started directly from entries in the /etc/inittab file and usually listened for login requests from a particular terminal. The COMMENT field might identify the location of that terminal and could tell you who was logged in and at what terminal they were sitting. Today, processes that listen for login requests are typically handled by the Service Access Facility and are no longer listed in /etc/inittab.

---

The following example uses the -u and -H options and shows the response Linux returns:

$ who -uH

NAME       LINE         TIME       IDLE       PID     COMMENT

root       console  Dec 13 08:00   .          10340

ernie      tty02    Dec 13 10:37   .          11929   Tech-89.2

bkraft     tty03    Dec 13 11:02   0:04        4761   Sales-23.4

jdurum     tty05    Dec 13 09:21   1:07       10426

ernie      ttys7    Dec 11 18:49    old       10770   oreo.coolt.com

$

You can infer from this listing that the last session associated with ernie is from a network site named oreo.coolt.com and that there hasn’t been any activity in that session in more than 24 hours (which might signal a problem). The session for root and the first one for ernie have both been accessed within the last minute. The last activity on the session for bkraft was four minutes ago; it has been one hour and seven minutes since any activity was reported on the session for jdurum.

Also note that this listing includes the PID (process ID number) for the login shell of each user’s session. The next section shows how you can use the PID to further monitor the system.

Using the finger Command to Learn More About Who Is on the System

A command that complements the who command is finger. To see more information about a specific user, you can enter finger username (or finger username@domain if the user is on another computer). For example to see more information on a user named tackett, you would enter this command:

finger tackett

You would then see the following output:

Login: tackett                          Name: Jack Tackett Jr

Directory: /home/tackett                Shell: /bin/tcsh

Office: 2440 SW Cary Parkway 114        Office Phone: 919 555 1212

Home Phone: 919 555 1212

Never logged in.

Mail last read Fri Jul  3 17:42 1998 (EDT)

Plan:

--------------------------------------------

Jack Tackett, Jr.

In the immortal words of Socrates:

     I drank WHAT?

--------------------------------------------

This output shows the login and real name associate with the specified account. You can also see which shell the user prefers to use, his address, when he last read his e-mail, and when he was last logged in. If he is currently logged on, the finger command tells you how long he has been logged on and which program he is currently using. The finger command also displays any information a user may have placed in his .plan file in his home directory.

As you can see, the finger command displays a lot of information about a user, which could be used by crackers to hack the system. This is why many systems administrators disable the finger command so others cannot see this information.

---

NOTE:  If you allow the use of the finger command on your system, or if your systems administrator allows it on a system you are using, you can use the chfn command to change the information displayed by finger. See the related man page (use the man chfn command) for more information.

---

Reporting On the Status of Processes with ps

The ps (process status) command reports on the status of processes. You can use it to determine which processes are running, whether a process has completed, whether a process is hung or having some difficulty, how long a process has run, the resources a process is using, the relative priority of a process, and the PID (process ID number) needed before you can kill a process. All this information is useful to a user and very useful to a system administrator. Without any options, ps lists the PID of each process associated with your current shell. It’s also possible to see a detailed listing of all the processes running on a system.

Monitoring Processes with ps

A common use of the ps command is to monitor background jobs and other processes on the system. Because background processes don’t communicate with your screen and keyboard in most cases, you use ps to track their progress.