Rhonda's Blog

Tue, 12 Oct 2010

sudo and timeouts

People have started to wonder why the password timeout in sudo seems so short lately in squeeze. The reason is a change in the defaults. The following option, tty_tickets, changed its default:

If set, users must authenticate on a per-tty basis. Normally, sudo uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, sudo will use a file named for the tty the user is logged in on in that directory. This flag is on by default.

To change it back, you can add this line to your sudoers file:

Defaults !tty_tickets

Please be aware that the default was changed for security reasons. You might not always have all the ttys you are logged in on directly in view, and others might be able to access them (for example, sudo in a remote SSH session). Use with caution; you might, though, consider disabling it on local systems with no remote users.
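
One way to check where a sudoers file turns this option on or off, as an added example that is not part of the original post or of sudo itself. It goes slightly beyond the single line above by also reporting Defaults entries scoped to a user, host, runas user or command (for instance `Defaults:alice`); the function names, the sample content and the user name alice are made up for illustration, and only a single file piped in on stdin is examined.

```shell
#!/bin/sh
# Added example: report where a sudoers text turns tty_tickets on or off.
# Reads sudoers content on stdin; prints "<scope> <on|off>" per scope, sorted.
# A later Defaults line overrides an earlier one for the same scope.
# Assumption: a single file; #include / #includedir targets are not followed.
tty_tickets_scopes() {
  awk '
    $1 ~ /^#/ { next }                          # comments and #include lines
    $1 ~ /^Defaults([:@>!].*)?$/ {
      scope = substr($1, 9)                     # text after "Defaults", e.g. ":alice"
      if (scope == "") scope = "global"
      rest = $0
      sub(/^[ \t]*[^ \t]+[ \t]*/, "", rest)     # drop the Defaults token itself
      n = split(rest, params, ",")              # parameters are comma-separated
      for (i = 1; i <= n; i++) {
        p = params[i]
        gsub(/[ \t]/, "", p)
        if (p == "tty_tickets")  state[scope] = "on"
        if (p == "!tty_tickets") state[scope] = "off"
      }
    }
    END { for (s in state) print s, state[s] }
  ' | sort
}

# Succeeds (exit 0) when any scope has per-tty tickets switched off.
tty_tickets_disabled() {
  tty_tickets_scopes | grep -q ' off$'
}

# Constructed sample input; "alice" is a made-up user name.
sample_sudoers() {
  cat <<'EOF'
# constructed sample, not a real system file
Defaults env_reset, !tty_tickets
Defaults tty_tickets
Defaults:alice !tty_tickets
EOF
}

sample_sudoers | tty_tickets_scopes
```

In the sample, the global setting ends up on because the second line overrides the first, while the entry scoped to alice still switches per-tty tickets off for that one user.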

Hope that helps! Actually, this blog post was triggered by a question on ask.debian.net, a new service in the Debian ecosystem.


Someone wrote at 2010-10-12 15:47:

Wait, sudo has "timeouts"? ;)

(From a NOPASSWD user, who figures that once you have my personal account, you have everything important anyway.)

©opyright 1999++ by Rhonda