Posted in Linux

sudo password timeout

January 23, 2008 - 2 comments

By default, sudo keeps the password in “memory” for 5 minutes (at least under Ubuntu).

If you want to change that value

$ sudo visudo

Add the following line before the other “Defaults” line :
Defaults timestamp_timeout=2

Or simply append “timestamp_timeout=2″ to the existing Defaults line like :
Defaults !lecture,tty_tickets,!fqdn,timestamp_timeout=2

This will set the timeout to 2 minutes…

Set to 0 to always require the password
Set to “-1″.. you will only have to prove you know the password once.

Options on the Defaults line are system-wide settings.

If you want to apply settings to particular users add :
Defaults:johndoe timestamp_timeout=-1

If you don’t want to be prompted for the password at all, you must have a rule like
johndoe ALL=(ALL) NOPASSWD: /bin/mount

This would never require the password for the command “mount”.

If you don’t want to ever be asked for the pass when using sudo :

johndoe ALL=(ALL) NOPASSWD: ALL

Comments

Sivakumar

April 18, 2008 - 2:31

This is really useful. Hats Off to you guys !!!

Xkth

March 3, 2010 - 1:42

Thanks, good how-to !

Trackback URI Comments RSS

Leave Comment

Please consider visiting the partners below if you enjoyed this article :

If this post saved you time and money, please consider checking my Amazon wishlist.

Before submitting, some rules :
- Is your comment related to the article ?
- You're having a problem ? Have you checked Google, other howtos, docs, manpages ?
- You're still having the problem ? Have you raised log verbosity, checked traces, ran tcpdump ?
- Have you checked your configuratoin for typo ?
Unless your comment is providing additional info or respect the rules above, DON'T comment.
If you don't understand what you are doing, I urge you to read the documentation, I'm not your free Level 1 helpdesk guy.