I am on my Linux bible 9th edition,
I typed the command
who -uH
The output is here.
NAME LINE TIME IDLE PID COMMENT
systemadmin tty2 2016-09-03 22:50 01:33 1902 (:0)
Notice the (:0)
So only I am logged into TTY2, however, the bible told me that
PID shows the process ID of the users login shell.
COMMENT would show the name of the remote computer the user has logged in from.
The example in the bible shows that chris is on tty1 with a PID of 2013. As you can see my output is different, so I suspect a hacker has pwn3d my system. Can any good Linux Voaters give good advice on this??
EDIT: Fix formatting.
view the rest of the comments →
[–] Martenzo 0 points 2 points 2 points (+2|-0) ago
No, you're safe. You are seeing yourself logged in to the computer with the systemadmin user. It's normal for the PID to be different from the example, it is a Process ID, generated when the shell is launched, not something static. If someone was logged in from outside, you'd be seeing an actual IP address in the comment, instead of (:0)
[–] nextgenerationhacker [S] ago
All right, thanks for the more detailed explanation.