Recently I came across some documentation that stated that once sudo was successfully ran it stays unlocked for 5 minutes and can be reset through sudo -k. What I was wondering was how do I increase this 5 minute timer to say 10 minutes?
Asked
Active
Viewed 899 times
6
muru
- 193,181
- 53
- 473
- 722
NerdOfCode
- 2,408
- 4
- 16
- 33
1 Answers
9
From man sudoers:
sudoersuses time stamp files for credential caching. Once a user has been authenticated, the time stamp is updated and the user may then usesudowithout a password for a short period of time (15 minutes unless overridden by thetimeoutoption). By default,sudoersuses atty-based time stamp which means that there is a separate time stamp for each of a user's login sessions. Thetty_ticketsoption can be disabled to force the use of a single time stamp for all of a user's sessions.
The "timeout" above refers to timestamp_timeout,
also explained in man sudoers:
timestamp_timeoutNumber of minutes that can elapse before
sudowill ask for a passwd again. The timeout may include a fractional component if minute granularity is insufficient, for example 2.5. The default is 15. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's time stamp will never expire. This can be used to allow users to create or delete their own time stamps viasudo -vandsudo -krespectively.
To modify the default setting of timestamp_timeout,
edit the sudoers configuration using the sudo visudo command,
and add a line near the top of the file like this:
# timeout after 30 minutes (instead of the default 15)
Defaults timestamp_timeout=30
David Foerster
- 35,754
- 55
- 92
- 145
janos
- 4,848
- 23
- 50
-
So how do you increase the `timeout`? – NerdOfCode Dec 17 '17 at 20:14
-
Sorry again, but what should I put in the file, I saw no hints for it. – NerdOfCode Dec 17 '17 at 20:22