Q. I use sudo to provide permissions and command execution rights to other users under UNIX and Linux operating systems. However, I noticed something strange about sudo. When executing sudo, it will prompt for the user's password the first time, but sudo no longer requires a password anymore when re-executing it. Why? Is this is a security risk?
A. sudo records the timestamp by creating a file, when it is executed the first time, sudo won't need a password if the timestamp has not timed out. The time out value is 600 seconds (5 minutes) by default.
timestamp_timeout
Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user’s timestamp will never expire. Open /etc/sudoers
# vi timestamp_timeout
And set timestamp_timeout as per your setup:
timestamp_timeout 0
sudo -k option
This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively. Run sudo -k to invalidate the timestamp after executing sudo.
$ sudo -k
passwd_timeout
Number of minutes before the sudo password prompt times out. The default is 5, set this to 0 for no password timeout.
passwd_timeout 2
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 1 comment… read it below or add one }
I really didn’t understand anything. HOW DO YOU CHANGE the timestamp_timeout ?
Add that in sudoeds ? Nothing happened i got a parse error.
Sudo -k does nothing
HOW ?