3

For some reason, I suddenly do not need to enter the password when issuing sudo some_cmd.

Entered command just runs without ever prompting password, even if I am not logged in as user root. Commands that need root privileges still need to be invoked with sudo though. I am on Ubuntu 10.04.

Any idea what might have caused this?

Improve this question
3
  • "Commands need root password still need to be invoked with sudo though" - I have problems understanding that. Commented Jun 21, 2013 at 16:12
  • @HaukeLaging, sorry if any confusion, what i meant is that for certain commands, you will still need to do sudo cmd instead of just cmd. But now sudo cmd does not ask me for password any more. Commented Jun 21, 2013 at 16:22
  • Marius Ducea seems to explain all options for sudo settings very well in this article. It covers the topic of PASSWD/NOPASSWD etc. Refer link below: ducea.com/2006/06/18/… Commented May 5, 2015 at 22:52

1 Answer 1

Reset to default
8

Say sudo -K, then retry your test. If it starts asking again, all that was happening is that you had sudo configured to remember your password for some time.

On top of this, Ubuntu's default sudo configuration makes it remember your credentials across ttys. This affects ssh sessions, as you've discovered, since each new ssh connection looks like a new terminal to the low-level OS code.

This also affects things like the graphical Terminal app. If you authenticate with sudo, then create a new tab with Ctrl-Shift-T, you'll find that you don't need to give a password to sudo again in that tab, despite the fact that it also creates a new tty. You can even close the Terminal app entirely, and as long as you restart it within the normal password timeout, sudo will run without requiring you to re-enter your password. This behavior may be enough to make you decide you want to keep this feature enabled.

Mac OS X works this way these days, too.

Not all *ixes do. Red Hat Enterprise Linux (and derivatives like CentOS) insist on getting the password on each new tty.

You can disable both behaviors by changing the Defaults line in /etc/sudoers to something like this:

Defaults=env_reset,timestamp_timeout=0,tty_tickets

  • The env_reset bit should be there already, and isn't relevant here

  • The timestamp_timeout directive tells it to immediately time out each sudo session. It's like saying sudo -K after every normal sudo command.

  • The tty_tickets directive ensures that it associates credentials with the tty they were used on, not just the user name. This is supposed to be the default already, and is documented as such on Ubuntu, but they must have built their distribution of sudo to disable this option, for the convenience reasons given above.

Improve this answer
3
  • sudo -K works, but i wonder why sudo remember my password for some time even if i log in using a fresh ssh session (after quitting the previous session in which sudo was issued). Commented Jun 21, 2013 at 16:46
  • 1
    @MLister you can override that using the sudoers arguments, as the answer here states. Add timestamp_timeout=0 to the Defaults= line in /etc/sudoers and it will prompt for the password for every sudo command. Commented Jun 21, 2013 at 18:02
  • @MLister it's how Ubuntu makes things look user-friendly. What it is security-wise is another story. Commented Jun 21, 2013 at 19:09

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.