Linux w Command to See Who is Logged In And What Doing

As system Administrator, you must manage the users who logged in into your system. Allow them to do something, and restrict them do the rest. It’s a normal procedure for system Administrator. But you should not trust them 100% . People changed. Sometimes leak comes from inside, not from outside.

To prevent that thing, you need a tool to monitor the user activity. Linux has w command for that job.

What is W

I am not sure why this command called “w”. Just a simple letter. But behind the simplicity of its name, w give us a valuable information. W give us the information about who is logged in into your machine and what they are doing.

Run w

You can just type w on you console to run w command. Take a look below :

$ w

Default view of w

Here’s how to read that information :

  • User ; the user who is logged in
  • Tty ; how they are logged in
  • From ; from where they are coming from
  • [email protected] ; when they are logged in
  • Idle ; how long they are idle
  • JCPU ; Total CPU time used by the user since login
  • PCPU ; CPU time of the currently running process
  • What ; process that they are currently doing

    Please notice that the header of w is also display an information about the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the pas 1, 5, 15 minutes. This output is exactly the same with uptime command.

    Don’t print the header

    You may only want to focus on the w output. If yes, you can remove the header information. Use -h parameter to do it

    $ w -h

    w without header

    Use the short format

    -s parameter let you more focus only to User, Tty, From, Idle and What fields. Here’s a sample output :

    $ w -s

    Short display of w

    Toggle printing the from (remote hostname) field

    The original w command, by default does not print the from field. Using -f parameter, will show you the from field. However, your system administrator or distribution maintainer may have compiled a version in which from field is shown by default.

    $ w -f

    w from field

    Note on Ubuntu Server and CentOS, using -f parameter will remove the from field.

    Using old-style output

    This output will prints blank space for idle times less than one minute. Here’s a sample output :

    $ w -o

    Old-style output

    As you can see, the Idle, JCPU and PCPU will blank if the user is idle for more than 1 minute.

    Print spesific user

    When you investigate your w activity, you may want to focus only to specific user. To do this, put the username after w command.

    $ w pungki

    Print specific user

    Display w version

    If you want to print the version, use -V paramater.

    $ w -V

    w version


    w is a combination from who command and uptime command. Basically, w give us an uptime output, and user logged in information. This two information is always needed by a system administrator to monitor his / her server. w also built-in in every Linux distribution.

    Pungki Arianto 3:00 am

    About Pungki Arianto

    Pungki , currently working as a Linux / Unix administrator for a banking company. He love to work in Linux / Unix since it's fun for him. He is also interested in information technology, information security and writing.

    Author Archive Page

    Have anything to say?

    Your email address will not be published. Required fields are marked *

    All comments are subject to moderation.