5.5.1 ProblemYou want sudo always to prompt for a password. 5.5.2 SolutionWhen controlled by superuser: /etc/sudoers: Defaults timestamp_timeout = 0 systemwide Defaults:smith timestamp_timeout=0 per sudo user When controlled by end-user, write a script that runs sudo -k after each sudo invocation. Call it "sudo" and put it in your search path ahead of /usr/bin/sudo: ~/bin/sudo: #!/bin/sh /usr/bin/sudo $@ /usr/bin/sudo -k 5.5.3 DiscussionAfter invoking sudo, your authorization privileges last for some number of minutes, determined by the variable timestamp_timeout in /etc/sudoers. During this period, you will not be prompted for a password. If your timestamp_timeout is zero, sudo always prompts for a password. This feature can be enabled only by the superuser, however. Ordinary users can achieve the same behavior with sudo -k, which forces sudo to prompt for a password on your next sudo command. Our recipe assumes that the directory ~/bin is in your search path ahead of /usr/bin. 5.5.4 See Alsosudo(8), sudoers(5). |