作为系统管理员,经常需要查看服务器的当前使用用户,和用户使用的进程等信息,下面介绍一些命令用于这些操作的查看
一、w命令查看登录用户正在使用的进程信息
命令:
w
==任何一个虚拟控制台登录都会产生一个tty, 每一个远程连接都会产生一个pts==
- 开头信息:
users:表示当前系统登陆用户总数为6。load average:与后面的数字一起表示系统在过去1,5,10分钟内的负载程度,数值越小,系统负载越轻。
- w命令输出的信息显示说明:
USER:用户名称TTY:用户的机器名称或tty号FROM:远程主机地址(就是登陆主机的IP地址)LOGIN用户登录系统的时间IDLE:空闲时间(作用不大)JCPU:附加到tty(终端)的进程所用的时间(JCPU时间)join cpuPCPU当前进程所用时间(PCPU时间)process cpuWHAT:用户当前正在使用的命令
- w命令的其他选择参数:
- -h忽略头文件信息
- -u显示结果的加载时间
- -s不显示JCPU, PCPU, 登录时间
示例:mosheng@server:~/work2$ w 16:48:38 up 17 days, 23:14, 6 users, load average: 7.18, 7.70, 8.20 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT mosheng tty7 :0 31Jan19 17days 3:36m 7.68s /sbin/upstart --user mosheng pts/22 192.168.1.55 09:44 16:14 2.90s 2.90s -bash mosheng pts/23 192.168.1.55 09:52 6.00s 0.70s 0.00s w mosheng pts/29 192.168.1.94 16:13 29:33 0.10s 0.10s -bash mosheng pts/24 192.168.1.106 13:43 1:26 0.35s 0.35s -bash mosheng pts/28 192.168.1.55 14:26 2:15m 0.22s 0.22s -bash mosheng@server:~/work2$ w -h mosheng tty7 :0 31Jan19 17days 3:36m 7.68s /sbin/upstart --user mosheng pts/22 192.168.1.55 09:44 23:08 2.90s 2.90s -bash mosheng pts/23 192.168.1.55 09:52 1.00s 0.71s 0.01s w -h mosheng pts/29 192.168.1.94 16:13 36:27 0.10s 0.10s -bash mosheng pts/24 192.168.1.106 13:43 3:31 0.40s 0.40s -bash mosheng pts/28 192.168.1.55 14:26 2:22m 0.22s 0.22s -bash mosheng@server:~/work2$ w -u 16:55:41 up 17 days, 23:21, 6 users, load average: 8.50, 7.58, 7.86 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT mosheng tty7 :0 31Jan19 17days 3:36m 7.68s /sbin/upstart --user mosheng pts/22 192.168.1.55 09:44 23:17 2.90s 2.90s -bash mosheng pts/23 192.168.1.55 09:52 2.00s 0.70s 0.00s w -u mosheng pts/29 192.168.1.94 16:13 36:36 0.10s 0.10s -bash mosheng pts/24 192.168.1.106 13:43 3:40 0.40s 0.40s -bash mosheng pts/28 192.168.1.55 14:26 2:22m 0.22s 0.22s -bash mosheng@server:~/work2$ w -s 16:55:58 up 17 days, 23:21, 6 users, load average: 7.73, 7.45, 7.81 USER TTY FROM IDLE WHAT mosheng tty7 :0 17days /sbin/upstart --user mosheng pts/22 192.168.1.55 23:34 -bash mosheng pts/23 192.168.1.55 2.00s w -s mosheng pts/29 192.168.1.94 36:53 -bash mosheng pts/24 192.168.1.106 3:57 -bash mosheng pts/28 192.168.1.55 2:22m -bash
二、who命令查看当前正在登陆的用户
命令:
who
列出当前登陆的用户名和登陆用户的设备主机名称或tty号 , 登陆时间,用户登陆机的IP地址
mosheng@server:~/work2$ who
mosheng tty7 2019-01-31 17:35 (:0)
mosheng pts/22 2019-02-18 09:44 (192.168.1.55)
mosheng pts/23 2019-02-18 09:52 (192.168.1.55)
mosheng pts/29 2019-02-18 16:13 (192.168.1.94)
mosheng pts/24 2019-02-18 17:02 (192.168.1.106)
mosheng pts/28 2019-02-18 14:26 (192.168.1.55)
- 如果只列出用户名,可以使用一下命令
命令:
who | cut -d' ' -f1 | sort | uniq
示例:
mosheng@server:~/work2$ who | cut -d' ' -f1 | sort | uniq
mosheng
whoami只显示自己登陆的用户名命令:
whoami
示例:
mosheng@server:~/work2$ whoami
mosheng
who am i只显示自己登陆的用户名、设备、登陆时间、登陆主机IP地址命令:
who am i
示例:
mosheng@server:~/work2$ who am i
mosheng pts/23 2019-02-18 09:52 (192.168.1.55)
# 这是我PC的IP地址
logname查看登陆的用户名和whoami效果一样命令:
who | cut -d' ' -f1 | sort | uniq
示例:
mosheng@server:~/work2$ logname
mosheng
users查看当前所有的登录用户名命令:
users
示例:
mosheng@server:~/work2$ users
mosheng mosheng mosheng mosheng mosheng mosheng
三、last查看登陆用户的历史信息
命令:
last
last命令可用于显示特定用户登录系统的历史记录。如果没有指定任何参数,则显示所有用户的历史信息。在默认情况下,这些信息(所显示的信息)将来源于/var/log/wtmp文件。该命令的输出结果包含以下几列信息:
- 用户名称
- tty设备号
- 历史登录时间日期
- 登出时间日期
- 总工作时间
示例:
mosheng@server:~/work2$ last
mosheng pts/24 192.168.1.106 Mon Feb 18 17:02 still logged in
mosheng pts/29 192.168.1.94 Mon Feb 18 16:13 still logged in
mosheng pts/29 192.168.1.106 Mon Feb 18 16:00 - 16:04 (00:04)
mosheng pts/29 192.168.1.106 Mon Feb 18 15:11 - 15:59 (00:48)
mosheng pts/28 192.168.1.55 Mon Feb 18 14:26 still logged in
mosheng pts/24 192.168.1.106 Mon Feb 18 13:43 - 17:02 (03:18)
mosheng pts/23 192.168.1.55 Mon Feb 18 09:52 still logged in
mosheng pts/22 192.168.1.55 Mon Feb 18 09:44 still logged in
mosheng pts/24 192.168.1.106 Sun Feb 17 13:56 - 16:49 (02:53)
mosheng pts/23 192.168.1.53 Sun Feb 17 13:49 - 14:14 (00:25)
mosheng pts/22 192.168.1.113 Sun Feb 17 13:48 - 16:21 (02:32)
mosheng pts/22 192.168.1.106 Fri Feb 15 19:31 - 23:43 (04:11)
mosheng pts/22 192.168.1.106 Fri Feb 15 18:23 - 19:31 (01:07)
mosheng pts/29 192.168.1.113 Fri Feb 15 17:42 - 19:25 (01:43)
mosheng pts/25 192.168.1.53 Fri Feb 15 16:04 - 19:19 (03:15)
mosheng pts/24 192.168.1.106 Fri Feb 15 15:10 - 17:57 (02:46)
last username查看指定用户的登录历史信息命令:
last username
示例:
mosheng@server:~/work2$ last mosheng
mosheng pts/24 192.168.1.106 Mon Feb 18 17:02 still logged in
mosheng pts/29 192.168.1.94 Mon Feb 18 16:13 still logged in
mosheng pts/29 192.168.1.106 Mon Feb 18 16:00 - 16:04 (00:04)
mosheng pts/29 192.168.1.106 Mon Feb 18 15:11 - 15:59 (00:48)
mosheng pts/28 192.168.1.55 Mon Feb 18 14:26 still logged in
mosheng pts/24 192.168.1.106 Mon Feb 18 13:43 - 17:02 (03:18)
mosheng pts/23 192.168.1.55 Mon Feb 18 09:52 still logged in
mosheng pts/22 192.168.1.55 Mon Feb 18 09:44 still logged in
mosheng pts/24 192.168.1.106 Sun Feb 17 13:56 - 16:49 (02:53)
mosheng pts/23 192.168.1.53 Sun Feb 17 13:49 - 14:14 (00:25)
mosheng pts/22 192.168.1.113 Sun Feb 17 13:48 - 16:21 (02:32)
mosheng pts/22 192.168.1.106 Fri Feb 15 19:31 - 23:43 (04:11)
mosheng pts/22 192.168.1.106 Fri Feb 15 18:23 - 19:31 (01:07)
- 如果只列出用户名,可以使用一下命令
命令:
who | cut -d' ' -f1 | sort | uniq
示例:
mosheng@server:~/work2$ who | cut -d' ' -f1 | sort | uniq
mosheng
四、pkill剔除当前的登录用户
命令:
pkill -u username
示例:
mosheng@server:~/work2$ pkill -u mohsheng
注意:这个命令实际上很危险,要相当小心的执行 原因参考 http://www.blogguy.cn/
安全的做法是先查看终端号,然后查看该终端执行的所有进程,根据进程号来停止服务
安全剔除用户
ps -ef| grep pts/0
得到用户登录相应的进程号pid后执行.
kill -9 pid
