User Access and Administrative Information
Two system data files (referred to as extended databases) are used to store user
access and other administrative information. These files are
➤ /var/adm/utmpx—current user access (users currently logged in)
➤ /var/adm/wtmpx—history of user access (based on utmpx entries)
Both files have identical types of entries that include
➤ User login name
➤ Device used to log in (console, terminal, and so on)
➤ Process ID (PID) of shell
➤ Entry timestamp
➤ Process termination/exit status
The content of these two files is used by the commands in the next section
of this chapter to identify the users currently logged in and user login/logout
history.
Identifying and Monitoring Users
Several commands can be used to identify and monitor users:
➤ id(1M)—Displays the real and effective User ID (UID) and Group ID (GID)
➤ finger(1)—Displays information about local and remote users
➤ last(1)—Displays who logged into the system and when, who is still
logged in, and who logged out and when
➤ who(1) and w(1)—Display the users currently logged into the system
➤ whodo(1M)—Displays who is doing what
The id Command
The id command is used to display the real and effective UID and GID for
the invoking process or specified user account. If invoked with -a as an option,
all groups in which the user ID is a member will be returned. The following
listing shows the results of executing the id command:
# id -a
uid=0(root) gid=1(other) groups=1(other),0(root),2(bin),
3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon)
#
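As an added example (not from the book), the shell functions below parse a line of id -a output in the format shown in the listing and report what an access review would check: a real UID of 0, an effective UID that differs from the real one, and membership in a watch list of groups. The function names, the watch list (root, sys, adm) and the second sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: parse one line of `id -a` output and list review findings.

# Constructed sample: the listing above joined onto one line.
SAMPLE='uid=0(root) gid=1(other) groups=1(other),0(root),2(bin),3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon)'
# Constructed sample: a process whose effective UID differs from its real UID.
SAMPLE_EUID='uid=100(alice) gid=10(staff) euid=0(root) groups=10(staff)'

# id_field LINE KEY -> numeric value of KEY (uid, gid, euid, egid); empty if absent
id_field() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n "s/^$2=\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# id_groups LINE -> one group name per line, taken from the groups= list
id_groups() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed -n 's/^[0-9][0-9]*(\(.*\))$/\1/p'
}

# id_in_group LINE NAME -> exit status 0 if NAME appears in the groups= list
id_in_group() {
    id_groups "$1" | grep -qx -- "$2"
}

# id_review LINE -> one finding per line; prints nothing if unremarkable
id_review() {
    uid=$(id_field "$1" uid)
    euid=$(id_field "$1" euid)
    [ "$uid" = 0 ] && echo "real UID is 0"
    # id prints euid= only when the effective UID differs from the real UID
    [ -n "$euid" ] && echo "effective UID $euid differs from real UID $uid"
    for g in root sys adm; do          # hypothetical watch list
        id_in_group "$1" "$g" && echo "member of group $g"
    done
    return 0
}

id_review "$SAMPLE"
id_review "$SAMPLE_EUID"
```

On a live system the input line would come from running id -a for each account under review instead of the embedded samples.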