[Security] SUDO doesn't ask for password for every command

If a command is executed with sudo and the root password is provided, elevated privileges remain active for some time, and subsequent commands executed with sudo don't ask for the password.
This can be a security risk: if the user approves and provides the password for one activity/script, other activities can be performed in the time frame in which elevated rights remain active.

The elevated rights are kept in the terminal session for about 15 minutes.

So the user should always close the terminal session when he's done with the admin task.

4 Likes

This is default behavior and not a bug and not a security issue - close the terminal session - and it goes away.

EDIT 2020-10-30T14:38:00Z
Compare to leaving your workstation unlocked in a corporate environment - if you do - face the consequence.

1 Like

If you want to change it, add or change the following in /etc/sudoers:

Defaults    timestamp_timeout=30

timestamp_timeout is in minutes.
If you want to always have to put in your password, just set it to 0:

Defaults    timestamp_timeout=0

You can change it per user like this:

Defaults:username ...... 

Maybe for groups too (I did not check..)

Defaults:%groupname ...... 

But like others said… it's just per terminal session. If you close the session, you will need your password again, whatever timeout is set.

7 Likes
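
To check which timeout a system actually applies, the script below reports every timestamp_timeout entry in a sudoers-format file along with the scope it is bound to. It is an added example, not code from the thread. The function name, the verdict labels and the 15-minute threshold (the figure quoted in this thread) are assumptions. Per the sudoers manual, a negative value means the credential never times out, and fractional minutes are allowed.

```shell
#!/bin/sh
# Added example (not from the thread): list every timestamp_timeout setting in a
# sudoers-format file with the scope it applies to.
# Usage: audit_timestamp_timeout FILE [MAX_MINUTES]   (MAX_MINUTES defaults to 15)
audit_timestamp_timeout() {
    awk -v max="${2:-15}" '
        # Join physical lines that end in a backslash continuation.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ { next }                      # commented-out entry
        line ~ /^[ \t]*Defaults([:@>!]|[ \t])/ {
            if (!match(line, /timestamp_timeout[ \t]*=[ \t]*-?[0-9]+(\.[0-9]+)?/)) next
            val = substr(line, RSTART, RLENGTH)
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]+/)
            # "Defaults" alone is global; "Defaults:alice" keeps ":alice" as scope.
            scope = (f[1] == "Defaults") ? "global" : substr(f[1], 9)
            if (val + 0 < 0)        verdict = "never-expires"
            else if (val + 0 == 0)  verdict = "always-prompt"
            else if (val + 0 > max) verdict = "over-limit"
            else                    verdict = "ok"
            print scope, val, verdict
        }
    ' "$1"
}

# Constructed sample input, not a real system configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults    timestamp_timeout=30
# Defaults  timestamp_timeout=0
Defaults:alice timestamp_timeout=0
Defaults:%admins env_reset, \
    timestamp_timeout=-1
Defaults env_reset
EOF
audit_timestamp_timeout "$sample"
rm -f "$sample"
```

On a real machine, run it as root against /etc/sudoers and each file that it includes.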

Title mod…removing [bug] as this is not a bug.
