Saturday, May 4, 2024
rated 0 times [  1] [ 0]  / answers: 1 / hits: 519  / 2 Years ago, wed, february 23, 2022, 7:55:35

I recently changed my sudo password timeout (the amount of time that passes before sudo asks you for your password again). It defaults to 15 minutes; I raised that to an hour with sudo visudo and changing Defaults env_reset,timestamp_timeout=60. You can make sudo never ask for a password again, however, by setting it to -1.



While I have a feeling that every admin under the sun will tell me this is a bad idea, I'm wondering what the specific security risks are. If someone is logged in as me, don't they already have my password? What specific scenario will having a non-infinite password timeout protect me from?



My Ubuntu box runs a web server exposed to the public.



 Answers

The sudo timeouts apply only to the current shell session. Try this:




  • Open a terminal

  • Run sudo ls. You will be asked for a password

  • Run sudo ls again. You will not be asked for a password because the timeout hasn't yet expired

  • Open another terminal window

  • Run sudo ls in the new terminal. You will be asked for your password even though the timeout for the first session hasn't expired yet.



Your biggest risk with a long sudo timeout is that if you use sudo and then go for a coffee, someone might reuse your sudo capabilities while you are away.


[#24852] Thursday, February 24, 2022, 2 Years  [reply] [flag answer]
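A defender-side check for the setting discussed in the question, as an added example that is not part of the original question or answer: a shell function that scans sudoers-format text for timestamp_timeout and flags -1 (never expires) or values above a threshold. The function name audit_sudo_timeout, the constructed sample file and the 15-minute threshold (the default the question cites) are assumptions.

```shell
#!/bin/sh
# Added example: report every timestamp_timeout setting in a sudoers-format file.
# audit_sudo_timeout is a hypothetical helper name, not part of sudo.

audit_sudo_timeout() {
    # $1: sudoers-format file; $2: longest acceptable timeout in minutes
    # (defaults to 15, the default quoted in the question above)
    awk -v max="${2:-15}" '
        /^[ \t]*#/ { next }          # comments (also skips #include directives)
        /^[ \t]*Defaults/ {
            line = $0
            # Drop "Defaults", "Defaults:user", "Defaults@host" and so on
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", opts[i])
                if (opts[i] !~ /^timestamp_timeout[ \t]*=/) continue
                val = opts[i]
                sub(/^[^=]*=[ \t]*/, "", val)
                gsub(/[ \t"]/, "", val)
                if (val + 0 < 0)        verdict = "NEVER_EXPIRES"
                else if (val + 0 == 0)  verdict = "ALWAYS_PROMPT"
                else if (val + 0 > max) verdict = "LONG"
                else                    verdict = "OK"
                printf "%s line=%d timeout=%s\n", verdict, NR, val
            }
        }
    ' "$1"
}

# Constructed sample input (not taken from any real system)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Defaults timestamp_timeout=-1   (commented out, must be ignored)
Defaults env_reset,timestamp_timeout=60
Defaults:alice timestamp_timeout=-1
Defaults:bob timestamp_timeout=5
EOF
audit_sudo_timeout "$sample"
rm -f "$sample"
```

To check a live system, run the function as root against /etc/sudoers and each file under /etc/sudoers.d.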
tigehanc
