Home FAQ How To Change Sudo Password Timeout In Linux
How To Change Sudo Password Timeout In Linux

How To Change Sudo Password Timeout In Linux

By sk
93 Views

This brief guide explains how to change sudo password timeout in Linux. The sudo system is an ingenious way to allow who can run administrative tasks in Linux and Unix operating systems. You can promote any normal user to execute commands that requires root permissions by simply adding him/her to the "sudo" group. This way we don't have to share the root user's password to all users.

Whenever you run a command with sudo, you will be prompted to enter the sudo password. For the subsequent commands that run shortly after first sudo command, you don't have to enter the password, even if they require sudo privileges. This is because sudo remembers your password for 15 minutes by default. After 15 minutes, you will be asked to enter the password again for any sudo command.

This is actually a security feature. For instance, if you left the terminal open after running commands with sudo, the authentication automatically expires after 15 minutes of sudo inactivity. So, the other users can’t do any further administrative tasks.

This behaviour can be changed by increasing or decreasing the sudo password timeout limit as described below.

Change Sudo Password Timeout In Linux

To change sudo password timeout limit in Linux, run:

$ sudo visudo

This command will open the /etc/sudoers file in nano editor.

Find the following line:

Defaults env_reset

And change it like below:

Defaults env_reset, timestamp_timeout=30

Change Sudo Password Timeout In Linux

Here, 30 is the new timeout in minutes.  Press Ctrl+X followed by Y to save the changes and close the editor.

From now on, you will be asked to enter the sudo password after 30 minutes of sudo inactivity.

The right way to edit sudoers file

Instead of directly making changes in the /etc/sudoers file, please consider adding local content in /etc/sudoers.d/. This is better approach to modify sudo password timeout limit.

Cd into /etc/sudoers.d/ directory:

$ cd /etc/sudoers.d/

Create a per-user configuration file using command:

$ sudo visudo -f sk

Replace "sk" with your username in the above command.

Add the following line in it:

Defaults timestamp_timeout=30

Change Sudo Password Timeout

As per the above line, I have set sudo password timeout for 30 minutes. Save the file by pressing Ctrl+O and press ENTER. And then, close the file by pressing CTRL+X.

If you're the only one who have the access to the system, there is no need to set sudo password limit shorter. You can increase the password timeout value much longer.

Always ask for sudo password

If you specify 0 (zero) for "timestamp_timeout", you will always be asked the sudo password.

$ sudo visudo
Defaults timestamp_timeout=0

If you specify a negative value, the timeout will never expire.

Why visudo?

You might be wondering why we need to run "sudo visudo"? Why not just "sudo nano /etc/sudoers" and make the changes? Yes, you can do that as well. However, using visudo is the right way to edit /etc/sudoers file. This way you can put a lock on /etc/sudoers file and avoid simultaneous edits by other users at the same time.


Suggested read:


Reset Sudo Password Timeout

Like I already said, once you entered the sudo password, you will not be asked to enter the password for subsequent commands for the next N minutes defined in the sudoers file. If you want to reset this behaviour and make sudo asks for password next time, run:

$ sudo -k

This will immediately reset the password timeout and you will have to enter the sudo password for the next command.

For more details, refer man pages.

$ man sudoers

Related read:


Hope this helps.

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You May Also Like

2 comments

John B Spence May 4, 2020 - 7:59 pm

the command of visudo will open the file in vi not nano. Other than that, good article and very helpful info. Got this bookmarked until I can make a note of this info.

thanks,
john

Reply
sk May 4, 2020 - 10:46 pm

In Ubuntu, It opens the file in Nano, not Vim. In CentOS, It opens the file in Vi as you said. Glad it helped you.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More