Recently I came across some documentation that stated that once sudo was successfully ran it stays unlocked for 5 minutes and can be reset through sudo -k. What I was wondering was how do I increase this 5 minute timer to say 10 minutes?
Asked
Active
Viewed 998 times
6
muru
- 207,228
NerdOfCode
- 2,608
1 Answers
9
From man sudoers:
sudoersuses time stamp files for credential caching. Once a user has been authenticated, the time stamp is updated and the user may then usesudowithout a password for a short period of time (15 minutes unless overridden by thetimeoutoption). By default,sudoersuses atty-based time stamp which means that there is a separate time stamp for each of a user's login sessions. Thetty_ticketsoption can be disabled to force the use of a single time stamp for all of a user's sessions.
The "timeout" above refers to timestamp_timeout,
also explained in man sudoers:
timestamp_timeoutNumber of minutes that can elapse before
sudowill ask for a passwd again. The timeout may include a fractional component if minute granularity is insufficient, for example 2.5. The default is 15. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's time stamp will never expire. This can be used to allow users to create or delete their own time stamps viasudo -vandsudo -krespectively.
To modify the default setting of timestamp_timeout,
edit the sudoers configuration using the sudo visudo command,
and add a line near the top of the file like this:
# timeout after 30 minutes (instead of the default 15)
Defaults timestamp_timeout=30
David Foerster
- 36,890
- 56
- 97
- 151
janos
- 4,968