Make sudo/gksudo remember passwords January 25, 2006
Posted by Carthik in administration, snippets, ubuntu.trackback
I use sudo and gksudo quite often. Now, if you use sudo in a terminal window, then you only have to enter the password the first time. But what if you have more than one terminal window, and try to use a sudo command in all of them? You will be prompted for your password the first time you use sudo in each terminal window. The same applies for gksudo.
This makes sense for a computer that is acting as a server. If you are logged in from multiple locations, and you enter the password for sudo in your current location, all the other locations are still “safe” since the person using the other terminals will still have to enter the password to use sudo. But when it comes to desktop use, this behaviour can be an annoyance.
I hate being prompted again and again for the sudo password (and the graphical gksudo password). For me, on my laptop, I want the sudo password to be “shared” between the different terminal windows, and with gksudo. It would be nice if the timestamp on the password was “global” to all terminals, and all the “gksudo” menu entries.
I ensure this by changing the following line in /etc/sudoers:
Defaults !lecture,tty_tickets,!fqdn
to
Defaults !lecture,!tty_tickets,!fqdn
Here, tty_tickets refers to “terminal tickets”, and I just changed it from using one ticket per terminal, to a common ticket, globally.
Again, this is not recommended for server installs, but may make life a little easier for average Joe Desktop Users.
Ubuntu Blog 
Very useful..
I had already: timestamp_timeout=600
note that /etc/sudoers must be edited with “sudo visudo”
Anyway.. thank’s for this another very good tip !!
Thanks for the tip, very useful.
Keep in mind that you also have the option to turn off password promptig for sudo altogether, in the scenarios you mention in general it is acceptable.
[…] Znalezione na Ubuntu blog. […]
I’m not sure how secure this is. I’m already not confortable with sudo remembering the password…
Imagine some malware that uses sudo to get root privileges. if sudo remembers the pass, it wont ask for it and the malware will get the permissions right aware. than, you’re pretty much screwed.
Yes, I’m with towsonu2003. I have completely turned off timestamp_timeout, so I recognize it every time a process needs root privileges. Confortable for me means save 😉
somebody knows if there is a way to associate a tocket to the X server, in the same way this is done by:
exec ssh-agent sh -c ‘ssh-add
this is exactly what i was looking for, thanks! especially timestamp_timeout.. very useful. passwords begone!
the whole root thing is way overrated.. all my data is in $HOME, i couldn’t give a shit about the stuff in /
@randomwalker Except for the fact that you would have to reinstall the OS if anything happened to “the stuff in /”. Of course, if you have a LOT of free time, be my guest.
@Chaanakya
Root concept for desktop users should not be in the focus of security discussions. System configuration data is wrecked by automatic updates every two or three weeks in ubuntu, so the occasional user error will only be a drop in the bucket.
Furthermore, user data stored in HOME should be protected a lot better than the rest of the system for user privacy issues. It isn’t the sixties anymore, unix is used as a home computing OS nowadays.
Do you have room to over-winter potted plants in your home? ,
In all such situations, the driver must ensure the integrity of the data by synchronizing access to the shared locations. ,
somebody knows if there is a way to associate a tocket to the X server, in the same way this is done by:
Yes, I’m with towsonu2003. I have completely turned off
@randomwalker You don’t seem to have understood. If I gain access to ‘the stuff in /’, then I have elevated privileges, very likely root. That gives me access to your files in $HOME, and much worse, it also enables me to install Trojaned executables that log your passwords and send them to a dead-drop in Albania that I monitor via my botnet.
Please, please mantain your current attitude. I need more zombie machines for folding@home. The world thanks you for your ignorance!
Thanks man very useful this trick! i have desktop machine and it was very irritant to write and fucking rewrite the same passwd all the fucking time. Debian do the things like this post say “just one time passwd ;rememnber && fuck-off until people logout.” sorry my English.