Archive

Posts Tagged ‘sudo’

increase sudo timeout

February 12, 2017 Leave a comment

Problem
You want to increase the sudo password remember timeout.

Solution
Run “sudo visudo“, then add this line to the end:

Defaults    timestamp_timeout=60

Where 60 means 60 minutes. If you specify -1, then the password is never forgotten (which is not a good idea IMO).

Tip from here.

Advertisements
Categories: bash, linux Tags: ,

run a script as another user without password

October 8, 2013 Leave a comment

You can run a program/script/command as another user the following way (example):

sudo -u www-data /bin/date

That is: /bin/date is executed in the name of www-data and you get the output. However, it asks for your password.

Question: how to execute the command above without a password check?

Solution

Create the file /etc/sudoers.d/date_test :

jabba ALL=(www-data) NOPASSWD: /bin/date

Meaning: allow the user “jabba” to execute “/bin/date” in the name of “www-data” and ask no password.

You should read /etc/sudoers.d/README, it contains important pieces of information:

  • the file you create cannot contain ‘~‘ or ‘.
  • the file must have 0440 rights
  • the command at the end of the lines must have absolute path

Tip from here.

Categories: bash, security Tags: , ,

Make sudo ask for your password every time

Problem
When you use “sudo“, it remembers your password for some minutes, thus if you call “sudo” within this time frame again, it won’t ask your password.

However, I want “sudo” to ask my password every time I call it.

Solution
Execute the command “sudo visudo” and add the following line to the end of the “Defaults” block:

Defaults    timestamp_timeout=0

The value “0” means it won’t cache your password.

Tip from here.

Categories: ubuntu Tags: ,

Don’t use sudo with graphical applications

March 29, 2012 Leave a comment

This post is based on a comment of one of my readers called gourgi.

Problem
You want to launch a graphical application with administrator privileges. Shall I use “sudo”?

Solution
No. In the case of graphical applications, you should use “gksudo” instead. “You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=~root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root.” [1]

More info:

  1. https://help.ubuntu.com/community/RootSudo#Graphical_sudo
  2. http://www.psychocats.net/ubuntu/graphicalsudo

Enable insults in sudo

June 13, 2011 Leave a comment

When you use sudo and you mistype your password, you can receive some insults :) Here is how to activate it:

  • sudo vi /etc/sudoers
  • find the line that starts with “Defaults” and append “insults” to the end of the line. Mine looks like this: “Defaults env_reset,insults” (without quotes, of course).

If you want to test it, just mistype your sudo password. Have fun :)

This entry is based on this post.

Categories: bash, fun, ubuntu Tags: , ,