Source of information - command who

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite
2












I would like to know how the command "who" pulls out information about ssh history into a Linux system. For example, on my shared-network workstation, where everyone can ssh into it:



[johny@gandor ~]$ who
johny :0 2018-08-30 06:44 (:0)
johny pts/0 2018-08-30 06:45 (:0.0)
johny pts/1 2018-08-30 06:45 (:0.0)
Keiven pts/2 2018-08-30 19:46 (:50.0)
seman pts/6 2018-08-31 15:15 (:50.0)
johny pts/7 2018-08-31 15:51 (:50.0)
casper pts/8 2018-08-31 16:53 (:50.0)
johny pts/10 2018-09-01 06:25 (:50.0)


I think that this information is, originally, stored somewhere in Linux system files and the command "who" reads that information from that file? if so, where is that file located?




command who




share|improve this question






















  • If you run strace who you'll see exactly what files it's getting the information from.
    – steve
    Sep 1 at 10:34






  • 1




    Hi Steve, thank you. I use Cantos 7. I don't see any path from the output of "strace". Also cd into "/var/run/utmp." is not feasible. I mean there is no such file!
    – Kasper
    Sep 1 at 10:39







  • 1




    @Kasper: /var/run/utmp is a file, so you cannot cd into it. You also might want to add the output of strace -e trace=open who to your question.
    – Thomas
    Sep 1 at 11:02











  • Thank you Zeta, I am new to this forum and I am not familiar with the rules. I will re-edit the question. Thanks!
    – Kasper
    Sep 1 at 13:26














up vote
3
down vote

favorite
2












I would like to know how the command "who" pulls out information about ssh history into a Linux system. For example, on my shared-network workstation, where everyone can ssh into it:



[johny@gandor ~]$ who
johny :0 2018-08-30 06:44 (:0)
johny pts/0 2018-08-30 06:45 (:0.0)
johny pts/1 2018-08-30 06:45 (:0.0)
Keiven pts/2 2018-08-30 19:46 (:50.0)
seman pts/6 2018-08-31 15:15 (:50.0)
johny pts/7 2018-08-31 15:51 (:50.0)
casper pts/8 2018-08-31 16:53 (:50.0)
johny pts/10 2018-09-01 06:25 (:50.0)


I think that this information is, originally, stored somewhere in Linux system files and the command "who" reads that information from that file? if so, where is that file located?




command who




share|improve this question






















  • If you run strace who you'll see exactly what files it's getting the information from.
    – steve
    Sep 1 at 10:34






  • 1




    Hi Steve, thank you. I use Cantos 7. I don't see any path from the output of "strace". Also cd into "/var/run/utmp." is not feasible. I mean there is no such file!
    – Kasper
    Sep 1 at 10:39







  • 1




    @Kasper: /var/run/utmp is a file, so you cannot cd into it. You also might want to add the output of strace -e trace=open who to your question.
    – Thomas
    Sep 1 at 11:02











  • Thank you Zeta, I am new to this forum and I am not familiar with the rules. I will re-edit the question. Thanks!
    – Kasper
    Sep 1 at 13:26












up vote
3
down vote

favorite
2









up vote
3
down vote

favorite
2






2





I would like to know how the command "who" pulls out information about ssh history into a Linux system. For example, on my shared-network workstation, where everyone can ssh into it:



[johny@gandor ~]$ who
johny :0 2018-08-30 06:44 (:0)
johny pts/0 2018-08-30 06:45 (:0.0)
johny pts/1 2018-08-30 06:45 (:0.0)
Keiven pts/2 2018-08-30 19:46 (:50.0)
seman pts/6 2018-08-31 15:15 (:50.0)
johny pts/7 2018-08-31 15:51 (:50.0)
casper pts/8 2018-08-31 16:53 (:50.0)
johny pts/10 2018-09-01 06:25 (:50.0)


I think that this information is, originally, stored somewhere in Linux system files and the command "who" reads that information from that file? if so, where is that file located?




command who




share|improve this question














I would like to know how the command "who" pulls out information about ssh history into a Linux system. For example, on my shared-network workstation, where everyone can ssh into it:



[johny@gandor ~]$ who
johny :0 2018-08-30 06:44 (:0)
johny pts/0 2018-08-30 06:45 (:0.0)
johny pts/1 2018-08-30 06:45 (:0.0)
Keiven pts/2 2018-08-30 19:46 (:50.0)
seman pts/6 2018-08-31 15:15 (:50.0)
johny pts/7 2018-08-31 15:51 (:50.0)
casper pts/8 2018-08-31 16:53 (:50.0)
johny pts/10 2018-09-01 06:25 (:50.0)


I think that this information is, originally, stored somewhere in Linux system files and the command "who" reads that information from that file? if so, where is that file located?





command who





share|improve this question













share|improve this question




share|improve this question








edited Sep 1 at 13:27

























asked Sep 1 at 10:31









Kasper

12611




12611











  • If you run strace who you'll see exactly what files it's getting the information from.
    – steve
    Sep 1 at 10:34






  • 1




    Hi Steve, thank you. I use Cantos 7. I don't see any path from the output of "strace". Also cd into "/var/run/utmp." is not feasible. I mean there is no such file!
    – Kasper
    Sep 1 at 10:39







  • 1




    @Kasper: /var/run/utmp is a file, so you cannot cd into it. You also might want to add the output of strace -e trace=open who to your question.
    – Thomas
    Sep 1 at 11:02











  • Thank you Zeta, I am new to this forum and I am not familiar with the rules. I will re-edit the question. Thanks!
    – Kasper
    Sep 1 at 13:26
















  • If you run strace who you'll see exactly what files it's getting the information from.
    – steve
    Sep 1 at 10:34






  • 1




    Hi Steve, thank you. I use Cantos 7. I don't see any path from the output of "strace". Also cd into "/var/run/utmp." is not feasible. I mean there is no such file!
    – Kasper
    Sep 1 at 10:39







  • 1




    @Kasper: /var/run/utmp is a file, so you cannot cd into it. You also might want to add the output of strace -e trace=open who to your question.
    – Thomas
    Sep 1 at 11:02











  • Thank you Zeta, I am new to this forum and I am not familiar with the rules. I will re-edit the question. Thanks!
    – Kasper
    Sep 1 at 13:26















If you run strace who you'll see exactly what files it's getting the information from.
– steve
Sep 1 at 10:34




If you run strace who you'll see exactly what files it's getting the information from.
– steve
Sep 1 at 10:34




1




1




Hi Steve, thank you. I use Cantos 7. I don't see any path from the output of "strace". Also cd into "/var/run/utmp." is not feasible. I mean there is no such file!
– Kasper
Sep 1 at 10:39





Hi Steve, thank you. I use Cantos 7. I don't see any path from the output of "strace". Also cd into "/var/run/utmp." is not feasible. I mean there is no such file!
– Kasper
Sep 1 at 10:39





1




1




@Kasper: /var/run/utmp is a file, so you cannot cd into it. You also might want to add the output of strace -e trace=open who to your question.
– Thomas
Sep 1 at 11:02





@Kasper: /var/run/utmp is a file, so you cannot cd into it. You also might want to add the output of strace -e trace=open who to your question.
– Thomas
Sep 1 at 11:02













Thank you Zeta, I am new to this forum and I am not familiar with the rules. I will re-edit the question. Thanks!
– Kasper
Sep 1 at 13:26




Thank you Zeta, I am new to this forum and I am not familiar with the rules. I will re-edit the question. Thanks!
– Kasper
Sep 1 at 13:26










2 Answers
2






active

oldest

votes

















up vote
5
down vote



accepted










Take a look at the man page for who. e.g. "If FILE is not specified, use /var/run/utmp."



This is not a text file, so opening with vi will offer a poor view of the file contents. od -c /var/run/utmp | more would serve better.






share|improve this answer
















  • 2




    @Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
    – Zeta
    Sep 1 at 13:23

















up vote
5
down vote













If you run strace -e open who, you will see all files that who opens. On Linux, that includes /var/run/utmp. utmp is not a human-readable file, instead it is a sequence of utmp structures (see utmpx(5)). On FreeBSD, who opens /var/run/utx.active.



You can also find this information at who --help, man 1 who or even info who, where the default file is mentioned.






share|improve this answer




















  • Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
    – Sergiy Kolodyazhnyy
    Sep 1 at 15:26










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f466217%2fsource-of-information-command-who%23new-answer', 'question_page');

);

Post as a guest

















2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote



accepted










Take a look at the man page for who. e.g. "If FILE is not specified, use /var/run/utmp."



This is not a text file, so opening with vi will offer a poor view of the file contents. od -c /var/run/utmp | more would serve better.






share|improve this answer
















  • 2




    @Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
    – Zeta
    Sep 1 at 13:23














up vote
5
down vote



accepted










Take a look at the man page for who. e.g. "If FILE is not specified, use /var/run/utmp."



This is not a text file, so opening with vi will offer a poor view of the file contents. od -c /var/run/utmp | more would serve better.






share|improve this answer
















  • 2




    @Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
    – Zeta
    Sep 1 at 13:23












up vote
5
down vote



accepted







up vote
5
down vote



accepted






Take a look at the man page for who. e.g. "If FILE is not specified, use /var/run/utmp."



This is not a text file, so opening with vi will offer a poor view of the file contents. od -c /var/run/utmp | more would serve better.






share|improve this answer












Take a look at the man page for who. e.g. "If FILE is not specified, use /var/run/utmp."



This is not a text file, so opening with vi will offer a poor view of the file contents. od -c /var/run/utmp | more would serve better.







share|improve this answer












share|improve this answer



share|improve this answer










answered Sep 1 at 11:27









steve

12.9k22149




12.9k22149







  • 2




    @Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
    – Zeta
    Sep 1 at 13:23












  • 2




    @Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
    – Zeta
    Sep 1 at 13:23







2




2




@Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
– Zeta
Sep 1 at 13:23




@Kasper Adding questions to existing questions is frowned upon. A question should have one acceptable answer. If someone now comes along and answers only the utmp part, none of the answers would be complete. That's why the general rule is: one post = one question. Feel free to open another post (although I've already answered your additional question in my answer, btw).
– Zeta
Sep 1 at 13:23












up vote
5
down vote













If you run strace -e open who, you will see all files that who opens. On Linux, that includes /var/run/utmp. utmp is not a human-readable file, instead it is a sequence of utmp structures (see utmpx(5)). On FreeBSD, who opens /var/run/utx.active.



You can also find this information at who --help, man 1 who or even info who, where the default file is mentioned.






share|improve this answer




















  • Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
    – Sergiy Kolodyazhnyy
    Sep 1 at 15:26














up vote
5
down vote













If you run strace -e open who, you will see all files that who opens. On Linux, that includes /var/run/utmp. utmp is not a human-readable file, instead it is a sequence of utmp structures (see utmpx(5)). On FreeBSD, who opens /var/run/utx.active.



You can also find this information at who --help, man 1 who or even info who, where the default file is mentioned.






share|improve this answer




















  • Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
    – Sergiy Kolodyazhnyy
    Sep 1 at 15:26












up vote
5
down vote










up vote
5
down vote









If you run strace -e open who, you will see all files that who opens. On Linux, that includes /var/run/utmp. utmp is not a human-readable file, instead it is a sequence of utmp structures (see utmpx(5)). On FreeBSD, who opens /var/run/utx.active.



You can also find this information at who --help, man 1 who or even info who, where the default file is mentioned.






share|improve this answer












If you run strace -e open who, you will see all files that who opens. On Linux, that includes /var/run/utmp. utmp is not a human-readable file, instead it is a sequence of utmp structures (see utmpx(5)). On FreeBSD, who opens /var/run/utx.active.



You can also find this information at who --help, man 1 who or even info who, where the default file is mentioned.







share|improve this answer












share|improve this answer



share|improve this answer










answered Sep 1 at 11:28









Zeta

47627




47627











  • Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
    – Sergiy Kolodyazhnyy
    Sep 1 at 15:26
















  • Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
    – Sergiy Kolodyazhnyy
    Sep 1 at 15:26















Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
– Sergiy Kolodyazhnyy
Sep 1 at 15:26




Good answer, hence +1, and generally strace is the way to go if you want to know what a program does underneath the hood. If there's no interesting file showing up with open() syscalls, that can mean it's likely is communicating with kernel via library and gets information from there.
– Sergiy Kolodyazhnyy
Sep 1 at 15:26

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f466217%2fsource-of-information-command-who%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

What does second last employer means? [closed]

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote -3 down vote favorite Say, for example I have worked in the following companies, Company A => 2010 - 2011 Company B => 2011 - 2012 Company C => 2012 - Till Date Company D => Have offer Now assume Company D is asking to submit documents from my second last employer. So from the list of companies given, which company would be qualified as second last employer? software-industry employer share | improve this question asked Aug 10 '14 at 5:16 Rajaprabhu Aravindasamy 559 1 6 13 closed as off-topic by Jim G., jmort253 ♦ Aug 11 '14 at 1:58 This question appears to be off-topic. The users who voted to close gave this specific reason: "Questions seeking advice on company-specific regulations, agreements, or policies should be directed to your manager or HR department. Questions that address...
Read more

List of Gilmore Girls characters

Image
The season three cast—(Back row): Lane, Michel, Paris, Emily, Richard, Sookie, Miss Patty, Kirk; Front row: Jess, Luke, Lorelai, Rory, Dean This is a list of characters for the comedy-drama television series Gilmore Girls . Contents 1 Main characters 1.1 Lorelai Gilmore 1.2 Rory Gilmore 1.3 Sookie St. James 1.4 Lane Kim 1.5 Michel Gerard 1.6 Luke Danes 1.7 Emily Gilmore 1.8 Richard Gilmore 1.9 Paris Geller 1.10 Dean Forester 1.11 Jess Mariano 1.12 Kirk Gleason 1.13 Jason Stiles 1.14 Logan Huntzberger 2 Major recurring characters 2.1 Christopher Hayden 2.2 Jackson Belleville 2.3 Mrs. Kim 2.4 Tristin DuGray 2.5 Max Medina 2.6 Taylor Doose 2.7 Dave Rygalski 2.8 Marty 3 Recurring characters 3.1 Stars Hollow 3.2 Chilton 3.3 Yale 3.4 Other 4 Notable guest stars 5 Unseen characters 6 Notes 7 References Main characters Actor Character Appearances Season 1 Season 2 Season 3 Season 4 Season 5 Season 6 Season 7 A Year in the Life Lauren Graham Lorelai Gilmore...
Read more

Confectionery

Image
Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of ...
Read more