w

system informationLinux/Unix
The w command is one of the most frequently used commands in Linux/Unix-like operating systems. w Show who is logged on and what they are doing

Quick Reference

Command Name:

w

Category:

system information

Platform:

Linux/Unix

Basic Usage:

w [options] [arguments]

Common Use Cases

    Syntax

    w [options] [user]

    Options

    Option Description
    -h, --no-header Don't print the header
    -u, --no-current Ignore current process username
    -s, --short Use short format (don't truncate command line)
    -f, --from Show remote hostname field
    -o, --old-style Use the old output format with wider fields
    -i, --ip-addr Display IP address instead of hostname
    --help Display help information and exit
    --version Output version information and exit

    Output Format

    The default output of w displays the following information:

    Column Description
    USER Username
    TTY Terminal name
    FROM Remote host
    LOGIN@ Login time
    IDLE Idle time
    JCPU Time used by all processes attached to the tty
    PCPU Time used by the current process
    WHAT Current command

    The output begins with a header line showing the current time, system uptime, number of users logged in, and load averages for the past 1, 5, and 15 minutes.

    Examples

    How to Use These Examples

    The examples below show common ways to use the w command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

    # Basic Examples Basic
    # Display information about all logged-in users w
    # Display information about a specific user w username
    # Display information without header
    w -h
    # Advanced Examples Advanced
    # Display information with IP addresses instead of hostnames
    w -i
    # Show uptime and load average only
    w -u
    # Format output with specific field widths
    w -o
    # Specify the source file to use instead of default
    w -f /var/log/utmp
    # Display all available information
    w -f
    # Show short format (don't truncate command line)
    w -s
    # Show only the current process
    w -l

    Try It Yourself

    Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

    Understanding Syntax

    Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

    Notes

    The `w` command is a powerful system monitoring utility in Unix-like operating systems that provides a concise summary of the current system status, including who is logged in and what they're doing. It combines the functionality of several other commands, including uptime, who, and ps, into a single comprehensive overview. **Core Functionality:** 1. **System Status Overview**: w displays the current time, how long the system has been running (uptime), how many users are currently logged in, and the system load averages for the past 1, 5, and 15 minutes. 2. **User Session Information**: For each logged-in user, w shows their username, terminal, remote host (if applicable), login time, idle time, and CPU usage. 3. **Process Activity**: w displays the command each user is currently running, providing a snapshot of system activity. 4. **Load Assessment**: The load averages shown by w help administrators quickly assess system performance and identify potential overload situations. **Common Use Cases:** 1. **System Monitoring**: System administrators use w to get a quick overview of who is using the system and what resources they're consuming. 2. **Troubleshooting**: When a system is experiencing performance issues, w can help identify resource-intensive processes or unusual user activity. 3. **Security Auditing**: Unusual login locations or times can be spotted using w, potentially identifying unauthorized access. 4. **Resource Planning**: By monitoring user activity patterns over time, administrators can make informed decisions about resource allocation and system upgrades. 5. **User Support**: Help desk staff can use w to see if a user is currently active on the system before reaching out to them. **Technical Details:** 1. **Data Sources**: w primarily reads from the system's utmp file (typically /var/run/utmp or /var/log/utmp), which tracks current login sessions, and also queries the process table. 2. **CPU Time Calculations**: - JCPU (Job CPU time): The time used by all processes attached to the user's terminal, not including background jobs. - PCPU (Process CPU time): The CPU time used by the current process displayed in the WHAT field. 3. **Idle Time Format**: The idle time is displayed in the format hours:minutes or days+hours:minutes for longer periods. 4. **Command Truncation**: By default, w may truncate long command lines to fit the display. The -s option prevents this truncation. 5. **Performance Impact**: w itself is lightweight and has minimal impact on system performance, making it suitable for frequent use even on heavily loaded systems. **Comparison with Related Commands:** 1. **who**: The who command shows only who is logged in, without information about what they're doing or system load. w is essentially an enhanced version of who. 2. **uptime**: The uptime command shows only the system uptime and load averages, which is equivalent to just the header line of w's output. 3. **ps**: While ps provides more detailed process information, w links processes to specific user sessions in a more accessible format for quick overview purposes. 4. **top/htop**: These commands provide real-time, continuously updated system information, whereas w gives a static snapshot. top and htop are better for ongoing monitoring, while w is ideal for quick checks. **Historical Context:** w has been part of Unix-like systems since the early days, reflecting the multi-user nature of these operating systems. Its name is simply an abbreviation of "who," indicating its relationship to that command while suggesting its enhanced functionality. Despite the evolution of more sophisticated monitoring tools, w remains valuable for its simplicity, speed, and the concise yet comprehensive overview it provides. **Security Considerations:** 1. **Information Disclosure**: w reveals information about system users and their activities, which could potentially be useful to attackers. In high-security environments, access to w might be restricted. 2. **System Monitoring**: Regular monitoring with w can help detect unusual login patterns or resource usage that might indicate a security breach. 3. **Command Privacy**: Users should be aware that the commands they run are visible to anyone who can use the w command, which may have privacy implications. **Best Practices:** 1. **Regular Monitoring**: Include w in regular system checks to establish baseline patterns of usage and detect anomalies. 2. **Combine with Other Tools**: For comprehensive monitoring, use w in conjunction with more detailed tools like top, ps, and system logs. 3. **Script Usage**: w's output can be parsed by scripts to automatically alert administrators to unusual conditions, such as high load averages or unexpected user logins. 4. **Documentation**: In multi-user environments, document normal usage patterns to help identify abnormal activity. 5. **User Awareness**: Ensure users understand that their activity is visible via w, which may influence behavior regarding system resource usage and command privacy. The w command remains a staple tool for system administrators due to its ability to quickly provide a comprehensive snapshot of system status and user activity in a compact, easy-to-read format.

    Related Commands

    These commands are frequently used alongside w or serve similar purposes:

    Use Cases

    Learn By Doing

    The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the w command works in different scenarios.

    $ w
    View All Commands