timeouts - user login/idle/session time limits
The timeouts file is used by timeoutd (8) to impose limits on what
times particular users or groups of users can login on particular
terminals, how long a user can be idle (no activity on the terminal),
how long a user can be logged in for in a single session and how much
time a user can spend on a set of terminals each day.
The timeouts file is a plain ASCII file. Blank lines, or lines where
the first non blank character is a hash (#) will be ignored. All other
lines should be of the format:
TIMES is a comma separated list of times for which the entry is valid.
The entry will be ignored completely outside these times. The format
for each element of the times field is: DD[DD...][SSSS-EEEE] Where:
DD is one of Su Mo Tu We Th Fr Sa Wk Al
(Al = SuMoTuWeThFrSa Wk = MoTuWeThFr)
SSSS and EEEE are start and end times in 24 hour notation.
TTYS is a comma separated list of ttys (without the leading /dev/) for
which the entry is valid. A trailing asterisk (*) will result in any
tty which matches up to the asterisk being accepted. An asterisk by
itself matches all tttys.
USERS is a comma separated list of users, with pattern matching as for
GROUPS is a comma separated list of groups, with pattern matching as
MAXIDLE is the number of minutes which a user may remain idle without
being logged off. Idle time is defined as time during which no
activity (no output to the tty or input from the tty) is detected.
This is not checked under Linux if the tty is in SLIP mode.
MAXSESS is the maximum number of minutes that a user can be logged in
for in a single session if they match that entry.
MAXDAY is the maximum number of minutes per day that a user can be
logged in for if they match that entry.
WARN provides a facility for notifying a user that they are about to be
logged off due to exceeding MAXSESS or MAXDAY. WARN is measured in
minutes with a default value of 5. The user will receive a warning
every minute for WARN minutes before being logged off.
LOGINSTATUS is one of either LOGIN or NOLOGIN and is used to limit the
times during which certain people or groups of people can use specific
When searching through the timeouts file, timeoutd will use the first
entry for which the TIMES:TTYS:USERS:GROUPS fields all match the user
who is being checked. So, please note that any LOGINSTATUS lines will
need to be put before any ’session limit’ lines or they will not be
When calculating the number of minutes for which a user has been logged
on in the given day, timeoutd will consider logged in time on all ttys
covered by the TTYS field for the matching entry.
Would match all all users in any group regardless of which tty
they are logged in on and allow an idle time of 10 minutes, with
no daily or session time limits.
Would match all users in group subs logged on to any dialin line
(assuming all serial lines are dialins) over the weekend and
allow them 5 minutes idle time, 90 minutes per session and 180
minutes per day, with a 3 minute warning period before logoff
Would match all users in groups subs or other logged on to ttyS2
or ttyS4 on a weekday and allow them 10 minutes idle time, no
session limit and a 60 minute daily limit with a 5 minute
warning period. Note that this provides for 60 minutes per day
across both ttyS2 and ttyS4, NOT 60 minutes on ttyS2 and 60
minutes on ttyS4.
Would match all dialled in users (if all ttyS lines were modems)
and prevent them logging in before 7am or after 8pm on weekdays.
Shane Alderton <firstname.lastname@example.org>