Change (gk)sudo timeout

I have always found that the standard behaviour of sudo and gksu in Ubuntu is very dangerous and a huge security thread.

If you don’t know what I mean, I’ll explain.

Every time you enter your password to get root access in the terminal or when launching an app like synaptic, ALL applications can become root without needing a password for 5 minutes.

Let’s disable this behaviour.

(read entire article before modifying)

Open up your terminal.

Enter this command:

sudo visudo

This will modify the sudoers file. Do not edit the sudoers file directly!

A text document will open up in the terminal.

Navigate to the bottom of the document using your arrows on your keyboard.

On the bottom of the file enter this:

Defaults timestamp_timeout=0

Then press “ctrl+x” and then press “y” and to finish press enter.

You’re done.

Should there already be a “Defaults xxx” mention in the file, put a comma after it and then enter the timeout code.

Defaults xxx,passwd_timeout=0

Increasing the value to 10, will give you a 10 minutes sudo timeout.

If you put a “-1” value, you’ll have an unlimited sudo timeout. This isn’t very wise to do for normal users.

No matter what your sudo timeout is, if you use the command

sudo -k

in a terminal, you’ll have to enter your password again the next time.

If you are wondering, changing the timeout will both affect sudo and gksu(do).

Be careful that you don’t start deleting things in this file, if you screw up you could seriously damage your user privileges, and could need a clean install to fix it.

  1. Cool blog.I love Ubuntu🙂

    • Brandon
    • December 17th, 2008

    Why not just use a wrapper script

    #!/bin/bash
    # Call me something like “saferoot”
    # and place me in /usr/local/bin.
    gksudo “$@”
    sudo -k
    exit 0

    Then you can invoke it like:
    saferoot COMMAND

    and it will automatically clear sudo authentication afterward.

    • Bill Goldberg
    • December 17th, 2008

    @ Brandon

    I don’t see why I would use that.

  2. Is timestamp in minutes or in seconds?

  3. “Every time you enter your password to get root access in the terminal or when launching an app like synaptic, ALL applications can become root without needing a password for 5 minutes.”
    – I heard this multiple times, but do you have an example to prove this?

  1. October 22nd, 2008

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: