Thursday, September 13, 2018

How to Specify Time Limit for a Sudo Session

https://vitux.com/how-to-specify-time-limit-for-a-sudo-session

How to set a sudo timeout
While working with the sudo command for performing administrative tasks in Linux, you might have noticed that even if you have provided sudo password a while ago, you are asked to provide it again after some time. This happens because of the time limit of your sudo session, which is set to 15 minutes by default. If you enter a sudo command after these 15 minutes even in the same terminal session, you are asked to enter the password again. As a Linux administrator, you might want to lengthen or shorten the time limit for the sudo session than the default fifteen minutes.
This tutorial describes how you can make very simple changes in the /etc/sudoers file to specify a time limit for a sudo session. The commands mentioned in this article have been executed in Ubuntu 18; however, they perform the same in the older versions of Ubuntu as well.

Specify Time X For a Sudo Session

In this example, we will change the time limit of our sudo session to 10 minutes. Please follow these steps to change the time limit for your sudo session, to as long as you want:
Open your Ubuntu Terminal by pressing Ctrl+Alt+T or through the Ubuntu Dash.
Since you need to edit the sudoers file located in the etc folders, enter the following command:
$ sudo visudo
visudo command
You will be asked to enter a password for the sudo user.
You will be wondering why aren’t we opening the sudoers file like we open the other text files. The answer is that unlike other text editors, visudo verifies the syntax of the text you enter in the file. This saves you from making any faulty changes that may cause you serious repercussions. For example, making faulty edits to the sudoers file can cost you the inability to log-in as a privileged user to perform any of the elevated functions.
Type your password and enter. The sudoers file will open in the Nano editor as it is the default text editor for Ubuntu 18.04.
The sudoers file
In the above image, you can see the following line:
Defaults env_reset
This line is responsible for the time limit of your sudo session. You need to make the following changes to this line:
Defaults env_reset, timestamp_timeout=x
Here x is the time, in minutes, that you can specify in order to set your required time limit. Please note the following points while setting this timeout:
If you specify the timeout to be 0, your session will last only 0 minutes. It means that you will be asked to enter passwords for each of your sudo commands.
If you set this time to be less than zero (in negative), the sudo command will not work properly.
In this example, I am shortening the default time of 15 minutes to 10 minutes through the following changes in my sudoers file:
Change sudo timeout from 15 minutes to 10 minutes
Press Ctrl+X to exit the file after making the required changes. You will be asked if you want to save the modified file. Press Y for saving the changes.
Save modification to sudoers file
You will also be asked to specify the file name to be saved. Please press enter as we do not want to change the file name here.
Do not specify filename when saving the file
Your changes will be saved and your sudo session will last till the specified minutes whenever you use the sudo command.

Set Sudo Session Last Till Terminal Closes

Through a simple command, you can let your sudo session last till you close the terminal, no matter how long the terminal stays open. You will not be asked to enter your password for any command that requires sudo permission after running this command:
$ sudo -s

Terminate the sudo session

After you have provided the password for sudo, you can terminate the sudo session even before the time limit specified in the sudoers file, through the following simple command:
$ sudo -k
Please note that this command will not terminate the session if you have used the “sudo -s” during a terminal session.
So, this is how you can shorten or lengthen the time duration for a sudo session by making a one-line change in the /etc/sudoers file. You can also use other commands mentioned in this article to terminate the sudo session or make it last till the terminal session lasts.

No comments:

Post a Comment