who

who [options] [file] [am i]

who displays information about users currently logged into the system. It reads from /var/run/utmp (or another specified file) which tracks login sessions.The basic output shows username, terminal line, and login time. Additional options reveal idle time, process IDs, and message status (whether the user accepts write/talk messages).who am i shows information about the original login session. Unlike whoami (which shows the effective user), who am i displays the user who originally logged in, even after su to another account.The command can read historical login data from /var/log/wtmp to show past logins.

-a, --all

Print all available information

Time of last system boot

Print dead processes

Print column headers

Print system login processes

Only usernames and count of logged-in users

Print current runlevel

Print only name, line, and time (default)

Add user's message status (+, -, ?)

List users logged in

Print only current terminal's user info

Who shows login sessions, not all user processes. Users may have processes running without active login sessions.Remote connections may show as pseudo-terminals (pts/N) rather than physical terminals (tty).The utmp file format varies between Unix systems. Some information may not be available on all platforms.

w(1), whoami(1), users(1), last(1), finger(1)