
sudo password caching

Posted: Wed Feb 12, 2020 8:45 am
by Rander
A few questions about sudo and password caching:

When sudo'ing something in the console, the password is cached for 15 minutes (I believe the default is). But, if after 10 minutes, I sudo something else, does that 15 minutes start over, or is it always counting from the password entry?

Also, how do I get the same type of caching in the gui? If I run a program that requires root privileges in the gui and enter my password, then, if I 10 seconds later open another program that requires root, it asks me for my password again, which is pretty annoying! Can someone explain why there is this difference between console and gui - and how to get the gui to cache it the same way the console does?

Re: sudo password caching

Posted: Wed Feb 12, 2020 10:22 am
by Hoser Rob
If you closed the terminal right after you used a command with sudo and then immediately opened the terminal again you'd have to enter your password again, right? So why expect it to keep the PW cross applications? That sounds like a security nightmare anyway.

Re: sudo password caching

Posted: Fri Feb 14, 2020 6:12 am
by ricardogroetaers
As for how long a password remains valid in a terminal window, I don't know, just measuring that time to find out.

At first, a terminal window is mono-tasking. While a program remains running, the window is locked. You cannot enter another command or program in the same window, the command prompt will not be available.
It is necessary to wait for the program to finish running.

Sudo is just a program. If you have already entered the password to run it in that terminal window, it does not make sense to enter the password again in the same terminal session, this would be mere redundancy.

However, leaving a terminal window open for a long period of time without typing anything is considered forgetfulness or abandonment.
Someone with malicious intent could perform tasks that require privileges without using a password.
The system designer, in this case, had common sense.


The GUI is multitasking. A terminal window is just a program, like any other, running in the GUI. If several programs require a password to run, it is necessary to enter the password for each one, including for several instances of the same program.

Think about whether in the GUI, when entering the password to run a specific program, access to any program that requires privileges is allowed in the GUI, including terminal windows.
Okay, now the almighty System Root is in the area, no one holds it.

Pointing at the click of a mouse is easier than typing commands, any little child does.
The system designer had common sense.

But everything has a solution, just activate the root account, which is blocked by default, allow automatic root login, and roam the system without worrying about annoying passwords.

Re: sudo password caching

Posted: Thu Feb 20, 2020 9:40 am
by mintmdrescher
Sudo stores a timestamp of the last successful user's password check in /var/run/sudo/ts/. It does not get prolonged automatically. You can use 'sudo -v' to update this timestamp. You can invalidate this timestamp with 'sudo -k'. If and how long an authentication will be stored is set by 'timestamp_timeout' in sudoers.

This and much more sudo magic can be discovered in both man pages, sudo and sudoers.
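
An added example, not code from any poster in this thread or from the sudo project: a shell function that reads sudoers-style text and reports every 'timestamp_timeout' setting with its scope. It relies on the sudoers manual's semantics (0 means always prompt, a negative value means the timestamp never expires); the function names, the 15-minute review threshold and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list every timestamp_timeout setting found in sudoers-style
# text on stdin as "<scope> <minutes> <verdict>". $1 is an assumed review
# threshold in minutes (15 here, the figure quoted in the thread).
audit_timestamp_timeout() {
    awk -v limit="${1:-15}" '
    # sudoers allows a trailing backslash to continue a line; join those first.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    {
        line = buf $0; buf = ""
        sub(/^[ \t]+/, "", line)
        if (line !~ /^Defaults/) next          # also skips comment lines
        # Text glued to "Defaults" (":user", "@host", ...) is the scope.
        split(line, field, /[ \t]+/)
        scope = substr(field[1], 9)
        if (scope == "") scope = "global"
        # The rest of the line is a comma-separated option list.
        sub(/^[^ \t]+[ \t]+/, "", line)
        n = split(line, opt, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (opt[i] !~ /^timestamp_timeout[ \t]*=/) continue
            val = opt[i]
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val + 0 < 0)           verdict = "never-expires"
            else if (val + 0 == 0)     verdict = "always-prompt"
            else if (val + 0 > limit)  verdict = "longer-than-limit"
            else                       verdict = "ok"
            print scope, val, verdict
        }
    }'
}

# Constructed sample input, not taken from any real system.
sample_sudoers() {
    cat <<'EOF'
# comment: Defaults timestamp_timeout=99
Defaults env_reset, timestamp_timeout=15
Defaults:alice timestamp_timeout=0
Defaults:bob timestamp_timeout=2.5
Defaults:carol env_reset, \
    timestamp_timeout=-1
Defaults:dave timestamp_timeout=120
EOF
}

sample_sudoers | audit_timestamp_timeout 15
```

On a real system, feed it the output of 'sudo cat /etc/sudoers /etc/sudoers.d/*' instead of the sample; it does not follow include directives itself.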

Re: sudo password caching

Posted: Thu Feb 20, 2020 6:38 pm
by jglen490
There are some REALLY DANGEROUS ways to bypass that timeout feature. Effectively, doing so will leave the user in exactly the same position as being a "root" level user. Being a "root" level user leaves your entire system, not just your user account, open to some very bad things.

Don't do it. But, if circumstances dictate that you must, then exit that mode as soon as you possibly can. I could tell you how, but you can find out if you want to by reading the man pages.