Just tested it and it works like a charm. I used the global /etc/profile to effect the condition. If I recall correctly anything in ~/.bash_profile will override settings in the global /etc/profile. So you could have a global timeout, and then different timeouts for certain users. Of course a user could edit their own .bash_profile and override the timeout from the global profile. So not as secure I suppose in that sense as something in OpenSSH that an unpriviledged end user could not change. Out of curiosity I checked the /var/log/secure file to see if the timeout resulted in an entry however no evidence found of same. In /var/log/messages you do see the closed session recorded exactly x seconds (whatever you set x as) after going idle (I simply logged in and left it idle, so closed session was exactly 3 minutes after opening the session - as per 180 second TMOUT I specified in /etc/profile). However the entry is no different than if a person did a normal exit vs a timeout. Would have been nice to have the entry reflect that it was a timeout (good to know if a user is always forgetting to logout, and good to know if doing log analysis on a system pursuant to investigating an incident on the network). Jacques B.
