jump to navigation

Make sudo/gksudo remember passwords January 25, 2006

Posted by Carthik in administration, snippets, ubuntu.
trackback

I use sudo and gksudo quite often. Now, if you use sudo in a terminal window, then you only have to enter the password the first time. But what if you have more than one terminal window, and try to use a sudo command in all of them? You will be prompted for your password the first time you use sudo in each terminal window. The same applies for gksudo.

This makes sense for a computer that is acting as a server. If you are logged in from multiple locations, and you enter the password for sudo in your current location, all the other locations are still “safe” since the person using the other terminals will still have to enter the password to use sudo. But when it comes to desktop use, this behaviour can be an annoyance.

I hate being prompted again and again for the sudo password (and the graphical gksudo password). For me, on my laptop, I want the sudo password to be “shared” between the different terminal windows, and with gksudo. It would be nice if the timestamp on the password was “global” to all terminals, and all the “gksudo” menu entries.

I ensure this by changing the following line in /etc/sudoers:
Defaults !lecture,tty_tickets,!fqdn

to
Defaults !lecture,!tty_tickets,!fqdn

Here, tty_tickets refers to “terminal tickets”, and I just changed it from using one ticket per terminal, to a common ticket, globally.

Again, this is not recommended for server installs, but may make life a little easier for average Joe Desktop Users.

Comments»

1. Yannick - January 25, 2006

Very useful..
I had already: timestamp_timeout=600

note that /etc/sudoers must be edited with “sudo visudo”

Anyway.. thank’s for this another very good tip !!

2. Marius - January 25, 2006

Thanks for the tip, very useful.

Keep in mind that you also have the option to turn off password promptig for sudo altogether, in the scenarios you mention in general it is acceptable.

3. bytowisko » Archiwum wpisów » Sudo uładzone - January 25, 2006

[...] Znalezione na Ubuntu blog. [...]

4. towsonu2003 - January 25, 2006

I’m not sure how secure this is. I’m already not confortable with sudo remembering the password…
Imagine some malware that uses sudo to get root privileges. if sudo remembers the pass, it wont ask for it and the malware will get the permissions right aware. than, you’re pretty much screwed.

5. Florian - January 26, 2006

Yes, I’m with towsonu2003. I have completely turned off timestamp_timeout, so I recognize it every time a process needs root privileges. Confortable for me means save ;)

6. rodrigo.meza - March 24, 2006

somebody knows if there is a way to associate a tocket to the X server, in the same way this is done by:

exec ssh-agent sh -c ‘ssh-add

7. randomwalker - April 21, 2007

this is exactly what i was looking for, thanks! especially timestamp_timeout.. very useful. passwords begone!

the whole root thing is way overrated.. all my data is in $HOME, i couldn’t give a shit about the stuff in /

8. Chaanakya - March 5, 2009

@randomwalker Except for the fact that you would have to reinstall the OS if anything happened to “the stuff in /”. Of course, if you have a LOT of free time, be my guest.

9. animal mother - June 29, 2009

@Chaanakya

Root concept for desktop users should not be in the focus of security discussions. System configuration data is wrecked by automatic updates every two or three weeks in ubuntu, so the occasional user error will only be a drop in the bucket.
Furthermore, user data stored in HOME should be protected a lot better than the rest of the system for user privacy issues. It isn’t the sixties anymore, unix is used as a home computing OS nowadays.

10. 2006 - October 22, 2009

Do you have room to over-winter potted plants in your home? ,

11. 2006 - October 23, 2009

In all such situations, the driver must ensure the integrity of the data by synchronizing access to the shared locations. ,

12. porno sikiş - September 27, 2010

somebody knows if there is a way to associate a tocket to the X server, in the same way this is done by:

13. sex sikiş - September 28, 2010

Yes, I’m with towsonu2003. I have completely turned off

14. *nix dude - April 2, 2013

@randomwalker You don’t seem to have understood. If I gain access to ‘the stuff in /’, then I have elevated privileges, very likely root. That gives me access to your files in $HOME, and much worse, it also enables me to install Trojaned executables that log your passwords and send them to a dead-drop in Albania that I monitor via my botnet.
Please, please mantain your current attitude. I need more zombie machines for folding@home. The world thanks you for your ignorance!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 530 other followers

%d bloggers like this: