How to Make sudo Remember the Password for Longer

How to Make sudo Remember the Password for Longer

Here’s how to make sudo remember your password for longer so that you don’t have to keep typing it repeatedly.

Probably you execute quite a lot of sudo commands because you don’t want to sudo su and execute commands as root all the time. However, it can be not very pleasant having to keep entering the sudo password. So here’s how you can deal with it.

You noticed that if you execute one and then another one within a few minutes, the 2nd time, you don’t get the message like: [sudo] password for your_username. However, you get it when there is more time between the execution of the two commands.

How Can I Make sudo Last Longer?

The behavior of sudo is configured in the /etc/sudoers file, and by default timeout of the sudo command is 15 minutes.

The /etc/sudoers file has a timestamp_timeout option responsible for reprompting the user for a password after a specific amount of time.

The good news is that you can increase this number to a larger one (in minutes) by adding a string in the /etc/sudoers file. After that time, sudo will ask for a password again.

The sudo command doesn’t remember your password, but when you first authorize it, a session is created which lasts for timestamp_timeout. It stores timestamp under the /var/run/sudo/ts/ directory.

It’s essential to make sure you edit your sudoers file using visudo, which checks your syntax and will not leave you with the wrong configuration and inaccessible sudo.

In other words, running sudo visudo instead of editing the file directly causes the system to validate the /etc/sudoers file before it commits the changes.

To make the sudo command last longer, run the following command in terminal:

sudo visudo

Find the lines starting with Defaults and add Defaults timestamp_timeout=x where x is the number of minutes you want between reprompts. In our case, we set this value to 60.

Make sudo Remember the Password for Longer

That’s it. Save the file and exit. The sudo password prompt will time out after an hour (60 minutes) once sudo is invoked by a user.

In addition, if you specify 0, you will always be asked for the password. Keep in mind that if you set a negative value, for example, -1, the timeout will never expire.

Of course, specifying a negative value is not recommended and should be treated as a bad security practice.

Please find out more about various options in sudoers on its command line manual page.

If you have any questions or feedback, feel free to leave a comment.

Leave a Reply