Recipe 5.5 Forcing Password Authentication in sudo

5.5.1 Problem

You want sudo always to prompt for a password.

5.5.2 Solution

When controlled by superuser:

/etc/sudoers:
Defaults timestamp_timeout = 0                # systemwide
Defaults:smith  timestamp_timeout=0           # per sudo user

When controlled by end-user, write a script that runs sudo -k after each sudo invocation. Call it "sudo" and put it in your search path ahead of /usr/bin/sudo:

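~/bin/sudo:
#!/bin/sh
# Run the real sudo with the arguments intact, then discard the cached timestamp
/usr/bin/sudo "$@"
status=$?
/usr/bin/sudo -k
exit $status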

5.5.3 Discussion

After invoking sudo, your authorization privileges last for some number of minutes, determined by the variable timestamp_timeout in /etc/sudoers. During this period, you will not be prompted for a password. If your timestamp_timeout is zero, sudo always prompts for a password.

This feature can be enabled only by the superuser, however. Ordinary users can achieve the same behavior with sudo -k, which forces sudo to prompt for a password on your next sudo command. Our recipe assumes that the directory ~/bin is in your search path ahead of /usr/bin.
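
A check for the superuser-controlled setting, added here as an example and not taken from the book: it reads sudoers-format text on stdin and reports each timestamp_timeout entry with the prompting behaviour it implies. The function names and the user jones are assumptions, the sample input is constructed, and the "no-expiry" verdict reflects the negative-value behaviour documented in sudoers(5).

```shell
#!/bin/sh
# Added example (not from the book): audit timestamp_timeout settings.

# Print "<scope> <value> <verdict>" for every Defaults line that sets
# timestamp_timeout. Scope is "global" or the suffix after "Defaults".
check_timeouts() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    $1 ~ /^Defaults/ && match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/) {
        val = substr($0, RSTART, RLENGTH)
        sub(/^[^=]*=[ \t]*/, "", val)            # keep only the number
        scope = ($1 == "Defaults") ? "global" : substr($1, 9)
        if (val + 0 == 0)      verdict = "always-prompt"
        else if (val + 0 < 0)  verdict = "no-expiry"
        else                   verdict = "cached"
        print scope, val, verdict
    }'
}

# Exit status 0 only if a global setting of 0 exists and no entry loosens
# it. With no global entry, the compiled-in default timeout applies.
always_prompts() {
    check_timeouts | awk '
        $1 == "global" && $3 == "always-prompt" { ok = 1 }
        $3 != "always-prompt"                   { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# Constructed sample input; the user "jones" is hypothetical.
sample_sudoers() {
    cat <<'EOF'
# timestamp_timeout = 15   (commented out, must be ignored)
Defaults env_reset, timestamp_timeout = 0
Defaults:smith  timestamp_timeout=0
Defaults:jones  timestamp_timeout=-1
EOF
}

sample_sudoers | check_timeouts
```

To audit a live system, run `check_timeouts < /etc/sudoers` as root; files pulled in by include directives are not followed and must be checked separately.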

5.5.4 See Also

sudo(8), sudoers(5).



Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
