who
You'll have to do this using a couple of approaches. You can use the who
command to see who's got an active shell or is ssh
'ed into your VM.
$ who | cut -d' ' -f1 | sort -u
saml
users
You can also use the command user
to see who's logged in. These are users that are currently shown as active in the the log files /var/run/utmp
& /var/log/wtmp
.
$ users | sed 's/ /\n/g'|sort -u
saml
who revisited
If you use the command who
you'll notice the following lines:
$ who
saml tty1 2013-10-06 10:05 (:0)
saml pts/0 2013-10-06 10:07 (:0.0)
saml pts/5 2013-10-07 11:48 (:0.0)
The 2nd column (tty1) means that someone is connected locally to one of the physical terminals. Additionally you'll notice that the 5th column of that line shows (`:0). This means someone is sitting on the VM directly and is running the X desktop.
The other lines like pts/0
are pseudo terminals and are typically what gets created when you create tabs in gnome-terminal or ssh into the box.
VNC?
This one is a bit trickier. There really isn't a way to know this directly especially since the VNC server is integrated into X. Looking for a process shows nothing.
$ pgrep -f vnc
$
You could look for VNC network connections:
$ sudo netstat -anpt | grep -i Xorg
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 3948/Xorg
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 3948/Xorg
tcp 0 0 192.168.1.3:5900 192.168.1.20:41064 ESTABLISHED 3948/Xorg
tcp 0 0 :::6000 :::* LISTEN 3948/Xorg
Here you can see that there is a VNC connection from IP 192.168.1.3 to port 5900, which is typically used for VNC, but this port is by no means a guarantee.
When the connection goes away the connections looks like this:
$ netstat -anpt | grep -i Xorg
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 3948/Xorg
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 3948/Xorg
tcp 0 0 :::6000 :::* LISTEN 3948/Xorg
Additionally we could find out if the X server is running VNC, which it appears to be.
$ lsof -p 3948 | grep -i vnc
Xorg 3948 root mem REG 253,0 394420 48693751 /usr/lib/xorg/modules/extensions/libvnc.so
Probably your best bet to target in on VNC users is to eliminate who's actually physically on the box (users on physical terminals such as tty1), anyone that has a GNOME session is running a X desktop and is likely using VNC to connect to it.
$ ps -f -p $(pgrep -f gnome-session)
UID PID PPID C STIME TTY TIME CMD
root 22240 3943 0 Sep29 ? 00:00:00 /usr/bin/gnome-session
References
ssh
'd, those who are using VNC and those who are physically sitting before the host? Why don't you just try all three and see how the output ofw
orwho
changes? – terdon Oct 12 '13 at 00:52