Home Linux Tips & Tricks How To Change Sudo Password Timeout In Linux

How To Change Sudo Password Timeout In Linux

By sk
Published: Last Updated on 16.4K views

This brief guide explains how to change sudo password timeout in Linux. The sudo system is an ingenious way to allow who can run administrative tasks in Linux and Unix operating systems.

Introduction

You can promote any normal user to execute commands that requires root permissions by simply adding him/her to the "sudo" group. This way we don't have to share the root user's password to all users.

Whenever you run a command with sudo, you will be prompted to enter the sudo password. For the subsequent commands that run shortly after first sudo command, you don't have to enter the password, even if they require sudo privileges.

This is because sudo remembers your password for 15 minutes by default. After 15 minutes, you will be asked to enter the password again for any sudo command.

This is actually a security feature. For instance, if you left the terminal open after running commands with sudo, the authentication automatically expires after 15 minutes of sudo inactivity. So, the other users can’t do any further administrative tasks.

This behaviour can be changed by increasing or decreasing the sudo password timeout limit as described below.

1. Change Sudo Password Timeout in Linux

1.1. To change sudo password timeout limit in Linux, run:

$ sudo visudo

This command will open the /etc/sudoers file in nano editor.

1.2. Find the following line:

Defaults env_reset

And change it like below:

Defaults env_reset, timestamp_timeout=30
Change Sudo Password Timeout In Linux
Change sudo password timeout in Linux

Here, 30 is the new timeout in minutes.  Press Ctrl+X followed by Y to save the changes and close the editor.

From now on, you will be asked to enter the sudo password after 30 minutes of sudo inactivity.

1.1. The Right Way to Edit Sudoers File

Instead of directly making changes in the "/etc/sudoers" file, please consider adding local content in /etc/sudoers.d/. This is better approach to modify sudo password timeout limit.

1.1.1. Cd into "/etc/sudoers.d/" directory:

$ cd /etc/sudoers.d/

1.1.2. Create a per-user configuration file using command:

$ sudo visudo -f sk

Replace "sk" with your username in the above command.

1.1.3. Add the following line in it:

Defaults timestamp_timeout=30
Change Sudo Password Timeout
Change sudo password timeout

As per the above line, I have set sudo password timeout for 30 minutes. Save the file by pressing Ctrl+O and press ENTER. And then, close the file by pressing CTRL+X.

If you're the only one who have the access to the system, there is no need to set sudo password limit shorter. You can increase the password timeout value much longer.

1.2. Always ask for sudo password

If you set 0 (zero) for "timestamp_timeout", you will always be asked the sudo password.

$ sudo visudo
Defaults timestamp_timeout=0

If you specify a negative value, the timeout will never expire.

1.3. Why visudo?

You might be wondering why we need to run "sudo visudo"? Why not just "sudo nano /etc/sudoers" and make the changes? Yes, you can do that as well. However, using visudo is the right way to edit /etc/sudoers file. This way you can put a lock on /etc/sudoers file and avoid simultaneous edits by other users at the same time.

2. Reset Sudo Password Timeout

Like I already said, once you entered the sudo password, you will not be asked to enter the password for subsequent commands for the next N minutes defined in the sudoers file.

If you want to reset this behaviour and make sudo asks for password next time, run:

$ sudo -k

This will immediately reset the password timeout and you will have to enter the sudo password for the next command.

For more details, refer man pages.

$ man sudoers

Hope this helps.

You May Also Like

5 comments

John B Spence May 4, 2020 - 7:59 pm

the command of visudo will open the file in vi not nano. Other than that, good article and very helpful info. Got this bookmarked until I can make a note of this info.

thanks,
john

Reply
sk May 4, 2020 - 10:46 pm

In Ubuntu, It opens the file in Nano, not Vim. In CentOS, It opens the file in Vi as you said. Glad it helped you.

Reply
Kosta September 30, 2021 - 8:32 pm

This does not work.

$ cd /etc/sudoers.d/
-ash: cd: can’t cd to /etc/sudoers.d/: Permission denied

Reply
sk September 30, 2021 - 8:42 pm

Your user doesn’t have permission. Check if the user has sudo permission.https://ostechnix.com/find-sudo-users-linux-system/

Reply
Anon October 26, 2022 - 3:17 pm

I had the same issue, as the directory is protected. Worked around it by switching to root user:
“`
sudo -i
cd /etc/sudoers.d/
visudo my-username
“`

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More