It’s a great and simple security check tool to find which running process belongs to users that have never officially logged in or never got any authorization to log in. this will provide you some good idea about any hidden system resources consumed by the unofficially\unauthorized logged-in User, resources such as CPU time, Memory, Network band…etc
# replace the 'username' with the user name that you like to inspect bash> au=($(ps -U username -o pid= )) # print the results bash> echo $au # To get some idea about the specific process ID # (replace the pid_num with the pid number that you like to check) bash> ps -vfM pid_num Result Example (pid=299):
