I wish sudo would ask for my password less often

This is a very old trick, but I find many people doesn't know about it yet.

If you're using sudo (and you definitely should), one minor complaint is that you need to re-enter your password quite often.

One common pseudo-solution is to completely disable the password for executing sudo with such user; while it may be a good idea sometimes, it does decrease the overall security - if you happen to forget an open shell or screen/tmux lingering somewhere, you give total power to whoever gets in touch with it.

If you happen to let people into your sudo-enabled account with your ssh key, anybody that can get hold of your ssh key will get root access to your servers. It's not the best possible scenario.

There's a very simply workaround: just edit your sudoers file!

sudo visudo  

and add a line like that (or modify it if it's already there)

Defaults    timestamp_timeout=120  

This means that sudo will ask for a password every two hours instead of the default (15 minutes on most installations). You can use -1 in order to never let it expire (I don't suggest that - 8-10 hours should be enough for everybody.)

The only drawback is that such timeout is per shell, not system-wide - i.e. if you open multiple terminals, you'll have to enter the password again for each new terminal instance.

Alan Franzoni

Read more posts by this author.

Trieste, Italy
comments powered by Disqus