As system Administrator, you must manage the users who logged in into your system. Allow them to do something, and restrict them do the rest. It’s a normal procedure for system Administrator. But you should not trust them 100% . People changed. Sometimes leak comes from inside, not from outside.
To prevent that thing, you need a tool to monitor the user activity. Linux has w command for that job.
What is W
I am not sure why this command called “w”. Just a simple letter. But behind the simplicity of its name, w give us a valuable information. W give us the information about who is logged in into your machine and what they are doing.
You can just type w on you console to run w command. Take a look below :
Here’s how to read that information :
Please notice that the header of w is also display an information about the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the pas 1, 5, 15 minutes. This output is exactly the same with uptime command.
Don’t print the header
You may only want to focus on the w output. If yes, you can remove the header information. Use -h parameter to do it
$ w -h
Use the short format
-s parameter let you more focus only to User, Tty, From, Idle and What fields. Here’s a sample output :
$ w -s
Toggle printing the from (remote hostname) field
The original w command, by default does not print the from field. Using -f parameter, will show you the from field. However, your system administrator or distribution maintainer may have compiled a version in which from field is shown by default.
$ w -f
Note on Ubuntu Server and CentOS, using -f parameter will remove the from field.
Using old-style output
This output will prints blank space for idle times less than one minute. Here’s a sample output :
$ w -o
As you can see, the Idle, JCPU and PCPU will blank if the user is idle for more than 1 minute.
Print spesific user
When you investigate your w activity, you may want to focus only to specific user. To do this, put the username after w command.
$ w pungki
Display w version
If you want to print the version, use -V paramater.
$ w -V
w is a combination from who command and uptime command. Basically, w give us an uptime output, and user logged in information. This two information is always needed by a system administrator to monitor his / her server. w also built-in in every Linux distribution.