sudo password caching

Post by Rander »

A few questions about sudo and password caching:

When sudo'ing something in the console, the password is cached for 15 minutes (I believe the default is). But, if after 10 minutes, I sudo something else, does that 15 minutes start over, or is it always counting from the password entry?

Also, how do I get the same type of caching in the GUI? If I run a program that requires root privileges in the GUI and enter my password, then, if I 10 seconds later open another program that requires root, it asks me my password again, which is pretty annoying! Can someone explain why there is this difference between console and GUI - and how to get the GUI to cache it the same way the console does?

Re: sudo password caching

Post by Hoser Rob »

If you closed the terminal right after you used a command with sudo and then immediately opened the terminal again you'd have to enter your password again, right? So why expect it to keep the PW cross applications? That sounds like a security nightmare anyway.

Re: sudo password caching

Post by ricardogroetaers »

As for how long a password remains valid in a terminal window, I don't know, just measuring that time to find out.

At first, a terminal window is mono-tasking. While a program remains running, the window is locked. You cannot enter another command or program in the same window, the command prompt will not be available.
It is necessary to wait for the program to finish running.

Sudo is just a program. If you have already entered the password to run it in that terminal window, it does not make sense to enter the password again in the same terminal session, this would be mere redundancy.

However, leaving a terminal window open for a long period of time without typing anything is considered forgetfulness or abandonment.
Someone with malicious intent could perform tasks that require privileges without using a password.
The system designer, in this case, had common sense.

The GUI is multitasking. A terminal window is just a program, like any other, running in the GUI. If several programs require a password to run, it is necessary to enter the password for each one, including for several instances of the same program.

Think about whether in the GUI, when entering the password to run a specific program, access to any program that requires privileges is allowed in the GUI, including terminal windows.
Okay, now the almighty System Root is in the area, no one holds it.

Pointing at the click of a mouse is easier than typing commands, any little child does.
The system designer had common sense.

But everything has a solution, just activate the root account, which is blocked by default, allow automatic root login, and roam the system without worrying about annoying passwords.

Re: sudo password caching

Post by mintmdrescher »

Sudo stores a timestamp of the last successful user's password check in /var/run/sudo/ts/. It does not get prolonged automatically. You can use 'sudo -v' to update this timestamp. You can invalidate this timestamp with 'sudo -k'. If and how long an authentication will be stored is set by 'timestamp_timeout' in sudoers.

This and much more sudo magic can be discovered in both man pages, sudo and sudoers.
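
Added example, not part of any post in this thread: a small audit of the `timestamp_timeout` setting mentioned above, run over sudoers text. Per the sudoers man page the value is in minutes, may be fractional, `0` means always prompt, and a negative value means the cached authentication never expires; the function name, the `max_minutes` policy threshold and the sample fragment are constructed for illustration.

```python
import re

# Defaults entries may be scoped: Defaults:user, Defaults@host, Defaults>runas, Defaults!cmnd
DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[:@>!]\s*\S+)?\s+(?P<body>.+)$")
TIMEOUT_RE = re.compile(r"(?<![\w!])timestamp_timeout\s*=\s*(?P<val>-?\d+(?:\.\d+)?)")

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# constructed sudoers fragment
Defaults env_reset
Defaults mail_badpass, timestamp_timeout=15
Defaults:alice timestamp_timeout=-1
Defaults:bob env_keep += "EDITOR", \\
    timestamp_timeout=0.5
Defaults@buildhost timestamp_timeout=120
"""


def audit_timestamp_timeout(sudoers_text, max_minutes=15.0):
    """Return (line_no, scope, minutes, verdict); max_minutes is an assumed policy limit."""
    findings, pending, start = [], "", 0
    for no, raw in enumerate(sudoers_text.splitlines(), 1):
        if not pending:
            start = no                        # first physical line of the entry
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if line.endswith("\\"):               # backslash continues the entry
            pending += line[:-1] + " "
            continue
        entry, pending = (pending + line).strip(), ""
        m = DEFAULTS_RE.match(entry)
        if not m:
            continue
        for t in TIMEOUT_RE.finditer(m.group("body")):
            minutes = float(t.group("val"))
            if minutes < 0:
                verdict = "never-expires"     # no expiry of the cached authentication
            elif minutes == 0:
                verdict = "always-prompt"     # caching disabled
            elif minutes > max_minutes:
                verdict = "long"
            else:
                verdict = "ok"
            findings.append((start, m.group("scope") or "global", minutes, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_timestamp_timeout(SAMPLE):
        print(finding)
```

On a real system the same function can be fed the contents of `/etc/sudoers` and the files under `/etc/sudoers.d/`; `visudo -c` checks the syntax of those files.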

Re: sudo password caching

Post by jglen490 »

There are some REALLY DANGEROUS ways to bypass that timeout feature. Effectively, doing so will leave the user in exactly the same position as being a "root" level user. Being a "root" level user leaves your entire system, not just your user account, open to some very bad things.

Don't do it. But, if circumstances dictate that you must, then exit that mode as soon as you possibly can. I could tell you how, but you can find out if you want to by reading the man pages.
I feel more like I do than I did when I got here.
Toshiba A135-S2386, Intel T2080, ATI Radeon® Xpress 200M Chipset, 2GB RAM, 500GB