Configuring shell auto logout features

  • 7007128
  • 01-Nov-2010
  • 30-Apr-2012


Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Workgroup Suite Small Business Edition (NOWS SBE)
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10


Shell access, either using a local shell or a ssh connection to another host, is possible as long as the user does not terminate the connection or close the shell. This might be considered an issue in some environments if users leave their desk unattended. Depending on the different shells there are possibilities to have the system close the shell access after a certain amount of inactivity.


The Bource Again Shell (/bin/bash) and Korn shell (/bin/ksh) provide an environment variable called TMOUT to specify an amount of seconds after which the connection is closed automatically due to inactivity:

tux@linux:~> su - test
test@linux:~> echo $SHELL
test@linux:~> export TMOUT=30
test@linux:~> timed out waiting for input: auto-logout

In this example the user "tux" switched to the account of the user "test" by using su -. After 30 seconds of inactivity the user gets logged out.

Using the TMOUT variable access to remote hosts can be closed as well:

test@linux1:~> ssh root@linux2
Last login: Mon Nov  1 14:02:13 2010 from
linux2:~ # timed out waiting for input: auto-logout
Connection to closed.

On ksh a warning is issued after reaching the seconds specified by TMOUT, 60 seconds after this warning the shell exits.

Bash and ksh settings are read from /etc/profile, /etc/profile.local, $HOME/.profile, $HOME/.bashrc and $HOME/.kshrc. As /etc/profile may get updated by YaST2 Online Update, its recommended to place own changes into /etc/profile.local.

Note: The TMOUT option applies to the active shell only. In case a user switches from one shell to another, like having /bin/bash as login shell and then start /bin/ksh, the timeout will first close the ksh. It needs another full cycle to close the remaining shell. Same applies to ssh connections.

The variable for csh (/bin/csh) is called autologout and specifies minutes of inactivity. By default this feature only applies to environments where no X is running, see man csh for details.

To temporarily disable the environment variable use the command "unset" which is available for the mentioned shells. As this command may get issued by any user to unset the TMOUT value it should not be considered to increase the security of the system.