Sudo doesn't timeout

**bforbes** · 04-29-2006

I'd like sudo to timeout quickly, because I don't like the idea of giving normal users root access for ages. I edited my sudoers file thusly:

Defaults !lecture,tty_tickets,!fqdn

# User privilege specification
root ALL=(ALL) ALL
bforbes ALL=(ALL) ALL
Defaults:ALL rootpw,passwd_timeout=1

But once I use sudo, it doesn't appear to ever timeout. I can do sudo -k to forcibly time it out, but I want it to be automatic. Is that possible?

**GodofPain** · 05-04-2006

I don't know if there is a standard way to do this or not but your post has gone unanswerd for a few days to here is what I would do.

sudo is going to run some program as the root user. You could add a script to the ~/.bashrc of the root account that would run first and have some timeout that would kill the bash session for that login. This would take some testing to figure out exaclty what to do. If I get some time soon I till try to do this and post my code. It sounds like a cool project.

**AwesomeMachine** · 05-05-2006

Sudo is for running a single command as root. When that program is closed sudo is over. Commands after that, in the same terminal, will run as a normal user.

**GodofPain** · 05-05-2006

AwesomeMachine: I don't know if your "What?" was directed at me or not but you are right. The issues is if the single command is xterm or some other terminal program then the user could continue to run any commands they want as root, as many times as they like.

My solution to this is fork a process in the back ground that kills the sudo and the command after some time. The problem with that is once a user as sudo'ed to root they could kill that process and stop it from terminating their session.

The only real solution would be to hack sudo source code and build in a time out but I have not looked at that and expect it to me more complex then a simple bash script.

**spoon!** · 05-06-2006

Originally Posted by bforbes

I'd like sudo to timeout quickly, because I don't like the idea of giving normal users root access for ages. I edited my sudoers file thusly:

But once I use sudo, it doesn't appear to ever timeout. I can do sudo -k to forcibly time it out, but I want it to be automatic. Is that possible?

I think you should set the "timestamp_timeout" flag.

Originally Posted by GodofPain

AwesomeMachine: I don't know if your "What?" was directed at me or not but you are right. The issues is if the single command is xterm or some other terminal program then the user could continue to run any commands they want as root, as many times as they like.

My solution to this is fork a process in the back ground that kills the sudo and the command after some time. The problem with that is once a user as sudo'ed to root they could kill that process and stop it from terminating their session.

The only real solution would be to hack sudo source code and build in a time out but I have not looked at that and expect it to me more complex then a simple bash script.

This is not relevant to the OP's issue. The OP wants the sudo timestamp to expire, this has nothing to do with what can be run through sudo itself.

**bforbes** · 05-06-2006

Originally Posted by spoon!

I think you should set the "timestamp_timeout" flag.

Thanks that did it.

Thread Tools

Display

Sudo doesn't timeout

What?

Posting Permissions