如果指明了wtmp文件名,則who命令查詢所有以前的記錄。命令who /var/log/wtmp將報告自從wtmp文件創建或刪改以來的每一次登錄。例如:運行該命令如下所示:
# who /var/log/wtmp
root :0 2010-01-24 21:47
root pts/1 2010-01-24 21:47 (:0.0)
root :0 2010-02-20 19:36
root pts/1 2010-02-20 19:36 (:0.0)
root :0 2010-02-21 15:21
root pts/1 2010-02-21 15:56 (:0.0)
root pts/2 2010-02-21 16:03 (:0.0)
root :0 2010-02-22 13:01
root pts/1 2010-02-22 13:02 (:0.0)
root pts/2 2010-02-22 15:57 (:0.0)
root pts/3 2010-02-22 15:57 (:0.0)
2.users命令
users用單獨的一行打印出當前登錄的用戶,每個顯示的用戶名對應一個登錄會話。如果一個用戶有不止一個登錄會話,那他的用戶名將顯示相同的次數。運行該命令將如下所示:
# users
root root root
3.last命令
last命令往回搜索wtmp來顯示自從文件第一次創建以來登錄過的用戶。系統管理員可以周期性地對這些用戶的登錄情況進行審計和考核,從而發現起中存在的問題,確定不法用戶,並進行處理。運行該命令,如下所示:
# last
root pts/3 :0.0 Mon Feb 22 15:57 still logged in
root pts/2 :0.0 Mon Feb 22 15:57 still logged in
root pts/1 :0.0 Mon Feb 22 13:02 still logged in
root :0 Mon Feb 22 13:01 still logged in
reboot system boot2.6.18-8.el5 Mon Feb 22 12:56 (03:02)
root pts/2 :0.0 Sun Feb 21 16:03 - down (02:37)
root pts/1 :0.0 Sun Feb 21 15:56 - down (02:45)
root :0 Sun Feb 21 15:21 - down (03:20)
reboot system boot2.6.18-8.el5 Sun Feb 21 15:19 (03:22)
root pts/1 :0.0 Sat Feb 20 19:36 - down (01:50)
root :0 Sat Feb 20 19:36 - down (01:51)
reboot system boot2.6.18-8.el5 Sat Feb 20 19:34 (01:53)
root pts/1 :0.0 Sun Jan 24 21:47 - down (00:02)
root :0 Sun Jan 24 21:47 - down (00:02)
reboot system boot2.6.18-8.el5 Sun Jan 24 21:45 (00:05)
rebootsystem boot2.6.18-8.el5 Sun Jan 24 21:41 (00:02)
wtmp begins Sun Jan 24 21:41:03 2010