- 1. Check online users
- The w command can also use the following options
- 2. View user login history
- 3. Use the who command to view (log in) the user name and the process started
- 4. Kick out users
- How to Kick a User Off of a Linux System
- Find a List of Logged In Users
- Warn the User of the Impending Disconnection
- End the Users Shell Process
- Disable User Logins
- Conclusion
- How to Delete a User from the Command Line
- Linux tee Command — Split Output to Screen and a File
- Leave a Reply Cancel reply
- 5 Comments
- Saved searches
- Use saved searches to filter your results more quickly
- tavinus/kick.sh
- Name already in use
- Sign In Required
- Launching GitHub Desktop
- Launching GitHub Desktop
- Launching Xcode
- Launching Visual Studio Code
- Latest commit
- Git stats
- Files
- README.md
- About
1. Check online users
The w command is used to display the names of users who have logged into the system and what they are doing. The information used by this command comes from the /var/run/utmp file. The information output by the w command includes:
- User’s machine name or tty number
- Remote host address
- The time the user logged in to the system
- Free time (not very useful)
- The time (JCPU time) used by the process attached to the tty (terminal)
- The time used by the current process (PCPU time)
- The command currently being used by the user
The w command can also use the following options
- -h ignore header file information
- -u shows the load time of the results
- -s does not display JCPU, PCPU, login time
2. View user login history
The last command can be used to display the history of a specific user’s login system. If no parameters are specified, the historical information of all users is displayed. By default, this information (the displayed information) will come from the /var/log/wtmp file. The output of this command contains the following columns of information:
- user name
- tty device number
- Historical login time and date
- Logout date
- Total working hours
oracle pts/0 192.168.1.116 Mon Jul 1 15:18 still logged in oracle
pts/0 192.168.1.116 Tue Jun 25 17:39 — 18:04 (00:25) oracle pts/0
192.168.1.116 Tue Jun 25 17:13 — 17:14 (00:00) oracle pts/1 192.168.1.116 Tue Jun 25 15:05 — 15:07 (00:01) oracle pts/0 192.168.1.116 Tue Jun 25 11:20 — 15:12 (03:51)
3. Use the who command to view (log in) the user name and the process started
The who command is used to list the names of users currently logged in to the system. The output is: user name, tty number, time and date, host address.
$ who ramesh pts/0 2009-03-28 22:57 (dev-db-server) jason pts/1 2009-03-28 23:01 (dev-db-server) john pts/2 2009-03-28 23:04 (dev-db-server)
If you only want to list users, you can use the following statement:
$ who | cut -d' ' -f1 | sort | uniq john jason ramesh
Supplement: The users command can be used to print out the name of the user logging in to the server. Apart from the help and version options, this command has no other options. If a user uses multiple terminals, multiple duplicate user names will be displayed accordingly.
4. Kick out users
pkill -KILL -t pts/0 #pts/0User terminal number seen by the w command
How to Kick a User Off of a Linux System
At some point in a Linux System Administrator’s career they will need to kick a user off of a system. Usually it is because the user left an open session and you want to reboot the system or do some other maintenance. In this quick tip we will discuss the step’s to forcefully kick a user off of a system.
Find a List of Logged In Users
You can use the «who» command to find a list of users currently logged into the system. Using the -u (—users) option will also display the PID (process ID) of the users shell session.
$ who -u
savona pts/1 2019-03-16 09:46 . 6063 (192.168.122.1)
stacy pts/0 2019-03-16 17:07 . 9940 (192.168.122.1)
Let’s kick the user «stacy» so we can complete our maintenance.
Warn the User of the Impending Disconnection
It is always best practice to warn users before performing a reboot or disconnection. If the user is doing something malicious or abusing the system in some way, then by all means kick them without warning.
When we ran the who command, it showed us which pts (pseudo terminal) the user is connected to. We can display a message on their terminal by using the echo command and piping it to the write command.
echo "Your session will be terminated in 2 minutes for maintenance." | write stacy pts/0
You can make the message whatever you like. It is basic etiquette to give the user some time to save their work and log out.
End the Users Shell Process
When you are ready to kick the user, send the SIGHUP to the users shell process. A SIGHUP signal is the same signal the process would receive when the controlling terminal is closed.
The number at the end of the above command is the process ID of the users shell. We found the process ID using the who command above.
Sometimes there is a process that hangs. In that case we can send a SIGKILL (kill -9) to the PID. This is exactly what it sounds like. It will immediately terminate ANY process, so be careful.
My preferred way of kicking a user it to use pkill to send a SIGHUP to all of the users processes. The pkill command is a wrapper for kill and allows for signalling a process by name rather than PID (process ID).
Disable User Logins
Optionally, you may want to temporarily disable user logins before you start your maintenance.
If you want to learn how to disable user logins read «Disable User Logins to Linux Systems».
Conclusion
You should now know how to disconnect a user from your Linux system. We also discussed some good SysAdmin etiquette. If you have any comments we would love to hear them.
How to Delete a User from the Command Line
Linux tee Command — Split Output to Screen and a File
Leave a Reply Cancel reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
5 Comments
A little story. I spent almost my three last years in undergrad school at a phylogeny lab dealing with DNA sequences. I had my own project and there was only one other student at the lab at the time. He had just started Master’s and was learning Linux. I was a little more experienced than him, in truth, with Linux even though I was not such power user at the time. Anyways, the fact is that the lab had about 6 old desktops and they had just bought a new Server for the lab and were trying to set that up . The master’s degree student liked a GOOEY and stood for Windows so he installed that in the Server computer. After a little time, they decided to change the server to Linux for good, though, which is the only sane thing they could do about the server, in my opinion. I remember I was trying to perform some DNA alignments that consumed a lot of RAM and therefore I tried to install a lot of alignment programmes in the Server to see whether any one of those would run my data with the limited 12GB RAM + 10GB SWAP of the server.. Of course, I had to install all those programmes under root as it is rather impossible to install some applications under your user only, specially if you are using Debian official repos. So I think the master student did not like that and some days later, changed the password for the Server (there was only one account set at the time as there were only few students and teachers in the lab that could use the Server, anyway. ). Not happy enough with that, he decided to format all 6 old PCS at the lab. I had done such great partitioning schemes when I installed Linux for dual booting in some of those old PCS . The master student wiped all of the old PCs and installed Linux in ONE huge partition, not even separating root from home. AND he set up passwords for all PCS so I could not use them! I asked my teacher to give me access to those computers and he said to ask the Master’s student, who, in turn, said I should ask the teacher. Also, the student said he put passwords so that he could protect those computers. From whom. As there were only the two of us who worked at the lab full time ( I was more full-time than he, as a matter of fact), plus the teachers, I said that there was no need for passwords for those old PCS at all or the Server , even! If something broke, he could simply ask me if it was me who broke it. So, suddenly, I was kicked out of all those computers and the server at the phylogeny lab!
I never felt so much like Richard Stallman when he was at MIT and decided to counter up setting passwords for MIT computers! So, as my dissertation was almost complete, I quit going to the lab.. Nowadays, I think I should have booted from a live Pendrive and emptied those passwords to free the computing!
I was aware how easy it is to write to some user terminal. Tanks for the trick!
I will add it to my linux-super-cheatsheet:
If you have multiple users (20+) logged in.
Is there a way to send them the message all at once and kick them all out with simple commands?
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
Bash Script to kick ssh users or close single ssh sesssions
tavinus/kick.sh
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
Git stats
Files
Failed to load latest commit information.
README.md
Simple BASH script to kick users from a Linux/Unix box.
The system manager can choose to kill all sessions from an user, or a specific session.
The script runs interactively and asks for confirmation before killing anything.
Requires root privileges to run.
Be advised that killing ssh sessions with programs open can have many adverse effects on your system!
You should know what you are doing and I take no responsibility for any damage caused by this script.
You should take full responsibility when kicking people on their faces, balls, or their open vi document.
From version 0.3.3 (or greater), kick.sh will show the user’s process tree with pstree before confirming the kick.
The script uses awk , sort , who , killall , pstree and kill , all of which are usually installed by default.
Uses who -u to get the list of users and sessions.
Uses killall -u -HUP to kick a user.
Uses kill to kill a specific session.
Uses pstree -npsu to show user’s processes before kicking a user.
The script uses the environmental variable $LANG to define its language.
If an unsupported language is detected, the script will run in English.
Currently Supported Languages
If you want to force a language, you can use something like:
LANG="en_US.utf8" sudo ./kick.sh
LANG="pt_BR.iso88591" sudo ./kick.sh
Please note that even though the variable $LANG requires the encoding, kick.sh only uses the language part of the string to define the display language.
So if $LANG is either «pt_BR.utf8» or «pt_BR.iso88591» would be the same for the display language.
The Makefile will install the script as kick (without the .sh) to /usr/bin .
Please change the makefile variables if you want to install it somewhere else or with another name.
- Option to use kill -9 in a session
- Option to send message to the user that is going to be kicked, with sleep before killing
- Force language with cli parameter
About
Bash Script to kick ssh users or close single ssh sesssions