I have multiple users logged on my server (ubuntu 12.10), with ssh. None of them has root privileges.
If I log in with my admin account and type
w
the resulting output is:
17:21:05 up 10 days, 18:47, 3 users, load average: 0,09, 0,09, 0,08
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
Now if I type
sudo w
the resulting output is:
17:22:00 up 10 days, 18:48, 3 users, load average: 0,04, 0,07, 0,07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
admin pts/0 XX.XX.XX.XX 16:15 4.00s 0.34s 0.06s sshd: admin [priv]
user1 pts/1 XX.XX.XX.XX 17:04 17:40 0.17s 0.17s -sh
user2 pts/2 XX.XX.XX.XX 14:31 2:50m 0.16s 0.16s -sh
Why is that?
Unrelated question: what does the first line, last column (sshd: admin [priv]) mean in this case? I read it's relative to sshd privilege separation threads, but that's not clear to me what the line precisely means.
Best Answer
You have a security mechanism that doesn't allow w to iterate over /proc/$pid/ and get the information necessary for this. I think the grsecurity kernel hardening does this by default.