Configuring shell auto logout features

This document (7007128) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10

Situation

Shell access, either using a local shell or a ssh connection to another host, is possible as long as the user does not terminate the connection or close the shell. This might be considered an issue in some environments if users leave their desk unattended. Depending on the different shells there are possibilities to have the system close the shell access after a certain amount of inactivity.

Resolution

The Bource Again Shell (/bin/bash) and Korn shell (/bin/ksh) provide an environment variable called TMOUT to specify an amount of seconds after which the connection is closed automatically due to inactivity:
 
tux@linux:~> su - test
Password:
test@linux:~> echo $SHELL
/bin/bash
test@linux:~> export TMOUT=30
test@linux:~> timed out waiting for input: auto-logout
tux@linux:~>

In this example the user "tux" switched to the account of the user "test" by using su -. After 30 seconds of inactivity the user gets logged out.

Using the TMOUT variable access to remote hosts can be closed as well:
 
test@linux1:~> ssh root@linux2
Last login: Mon Nov  1 14:02:13 2010 from linux1.testenv.site
linux2:~ # timed out waiting for input: auto-logout
Connection to 192.168.66.10 closed.
test@linux1:~>

On ksh a warning is issued after reaching the seconds specified by TMOUT, 60 seconds after this warning the shell exits.

Bash and ksh settings are read from /etc/profile, /etc/profile.local, $HOME/.profile, $HOME/.bashrc and $HOME/.kshrc. As /etc/profile may get updated by YaST2 Online Update, its recommended to place own changes into /etc/profile.local.

Note: The TMOUT option applies to the active shell only. In case a user switches from one shell to another, like having /bin/bash as login shell and then start /bin/ksh, the timeout will first close the ksh. It needs another full cycle to close the remaining shell. Same applies to ssh connections.

The variable for csh (/bin/csh) is called autologout and specifies minutes of inactivity. By default this feature only applies to environments where no X is running, see man csh for details.

To temporarily disable the environment variable use the command "unset" which is available for the mentioned shells. As this command may get issued by any user to unset the TMOUT value it should not be considered to increase the security of the system.

 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7007128
  • Creation Date: 01-Nov-2010
  • Modified Date:13-Mar-2021
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Real Time
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center