Who Command in Linux

Last updated: March 29, 2022

System administrators create multiple users to perform different tasks on a Linux computer. They may not keep track of all these users and know if a particular user is logged in or not. For this purpose, Linux provides the who command-line tool that displays a list of all the users that are currently logged on a Linux computer.

In this tutorial, we will learn what is Linux who command and how to use it with practical command examples.


  • Basic command-line interface understanding.
  • Root or normal account access.
  • Difficulty level - Easy

Who Command in Linux

The Linux who command shows a list of all the currently logged-in users on your Linux computer. This command-line utility also displays the time of the last system boot and the current runlevel of your computer. Who is an easy command to use and shows significant information about all the users who are currently accessing a Linux computer.


The basic syntax of the who command in Linux is:

who [options] [file | argument1, argument2]

How to Use Who Command in Linux

The who command has a very simple syntax. You can use it without any options to display the list of users along with their terminal names, and login time.

For example, the following output shows only default information:

root     pts/0        2022-03-28 01:29 (
tom      pts/1        2022-03-28 02:26 (
linuxopsys pts/2        2022-03-28 02:22 (

By default who shows 4 columns:

  • Column 1 - The name of the user who currently logged in.
  • Column 2 - The name of the terminal the user used to logged in.
  • Column 3 - The date and time when the user logged in.
  • Column 4 - The IP address or the hostname from where the user logged in.

The pts/0 indicates which "pseudo terminal" the user used to logged in. You may see :0 which is referred to as the actual console or display monitor.

The who command retrieves information about your system and the list of current users from the /var/run/utmp file. This is the default file to store login information in Linux.

Who Command Examples

The who command supports various options to print different information of the users in your Linux system. The following examples describe practical use cases of this command.

Display Header

By default, who does not display column headings when you list current users. Use the -H option to display header information:

who -H
NAME     LINE         TIME             COMMENT
root     pts/0        2022-03-28 01:29 (
tom      pts/1        2022-03-28 02:26 (
linuxopsys pts/2        2022-03-28 02:22 (

Display System Boot Time

Rebooting your computer periodically is important for its smooth functioning. You can use the -b option to check when the computer was last rebooted:

who -b

         system boot  2022-03-23 22:49

This shows the system was last booted at 22:49 (HH:MM) on the date 2022-03-23.

Display Current Run Level

The run level is a mode of operation in Linux. You can check the run level of your Linux computer using the -r option:

who -r
run-level 3  2022-03-23 22:49

Display List and Number of Current Users

The number of currently logged-in users can be very high at a given time. To display a list of the users and count the number of logged-in users, use the -q option:

who -q
root tom linuxopsys
# users=3

The output shows the names of users currently logged in the system and the total count.

Display All Information of Users Logged In

When we use the who command without any option, it does not display all the information about the users. Use the -a option to force the command to print all information:

who -a
           system boot  2022-03-23 22:49
           run-level 3  2022-03-23 22:49
LOGIN      tty1         2022-03-23 22:49               645 id=tty1
LOGIN      ttyS0        2022-03-23 22:49               633 id=tyS0
root     - pts/0        2022-03-28 01:29 00:33       51607 (
tom      + pts/1        2022-03-28 02:26 00:31       52048 (
linuxopsys + pts/2        2022-03-28 02:22   .         51900 (

Display List of Dead Processes

Use the following command to display the complete list of the Linux processes that are dead:

who -d
show dead processes using the who command

Currently, there are no dead processes in this computer.

Who Command Options

As we described earlier, the who command without any options will display account information, such as login name, terminal name, and login time. However, you can use the command line arguments with this command to print other login information:

-aDisplay all information that the who command can print
-qDisplay only the list of logged-in users and user count
-rDisplay only the current runlevel along with the last login time
-HDisplay header names for the information displayed by the who command
-dDisplay a list of all the dead processes owned by the active user
-bDisplay only the last system boot time of the operating system
-pList active processes on your system. You can specify the number of active processes that you want to display
--ipsPrint IP addresses instead of hostnames


In this tutorial, we learned about the who command to display a list of users logged on your Linux computer. The who command works on all Linux distributions, such as Ubuntu, CentOS Stream, Red Hat, and Debian. It is part of the GNU Coreutils package.



Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment