I wish sudo would ask for my password less often

This is a very old trick, but I find many people doesn't know about it yet.

If you're using sudo (and you definitely should), one minor complaint is that you need to re-enter your password quite often.

One common pseudo-solution is to completely disable the password for executing sudo with such user; while it may be a good idea sometimes, it does decrease the overall security - if you happen to forget an open shell or screen/tmux lingering somewhere, you give total power to whoever gets in touch with it.

If you happen to let people into your sudo-enabled account with your ssh key, anybody that can get hold of your ssh key will get root access to your servers. It's not the best possible scenario.

There's a very simply workaround: just edit your sudoers file!

sudo visudo

and add a line like that (or modify it if it's already there)

Defaults    timestamp_timeout=120

This means that sudo will ask for a password every two hours instead of the default (15 minutes on most installations). You can use -1 in order to never let it expire (I don't suggest that - 8-10 hours should be enough for everybody.)

The only drawback is that such timeout is per shell, not system-wide - i.e. if you open multiple terminals, you'll have to enter the password again for each new terminal instance.

Subscribe to Alan's Lair

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe