How to change sudo password timeout on Mac and Linux

307

When you run the change sudo password timeout on Mac and Linux, the timestamp timeout variable in the /etc/sudoers file tells it to remember the password for 15 minutes. So, you can run any other sudo command without giving the password during this time. After 15 minutes of sudo not being used, it asks for a password again.

By default, if you don’t use sudo for five minutes, it will always ask you for your password. This is great if you leave your computer for a while and don’t want to worry that after five minutes of inactivity, someone could come along and run a sudo command without entering a password first. This is a great way to set the timeout for the sudo password.

Just be smart about how you use this configuration setting. Don’t change all sudo timeouts to eight hours all at once, because that could lead to trouble. If you use this well, it could make your daily work as a Linux administrator a little easier or make your machines a little safer.

Change sudo password timeout on Mac

Adjusting the Sudo Password Expiration Timeout

From the command line, we’ll edit the sudoers file with the help of visudo – do not attempt to edit /etc/sudoers without visudo

• sudo visudo

Use the arrow keys to get to the end of the sudoers file, then type the following on a new line. You can add a comment by putting a hash # in front of it, so you can refer back to it later.

• Defaults timestamp_timeout=0

In this example, we’re using “0” as the timeout grace period. This means that sudo will only work for each command, and the password won’t be saved for the default five minutes. The number is in minutes, so you can set it to whatever you want. For our purposes, we’re using 0 to remove the sudo password grace period. You can also go the other way with -1, which is never a good idea because it makes the sudo grace period last forever.

Change Sudo Password Timeout In Linux

• To change sudo password timeout limit in Linux, run:
  • $ sudo visudo
• This command will open the /etc/sudoers file in nano editor.
• Find the following line:
  • Defaults env_reset
• And change it like below:
  • Defaults env_reset, timestamp_timeout=30

The right way to edit sudoers file

• Instead of directly making changes in the “/etc/sudoers” file, please consider adding local content in /etc/sudoers.d/. This is better approach to modify sudo password timeout limit.
  • Cd into “/etc/sudoers.d/” directory:
  • $ cd /etc/sudoers.d/
• Create a per-user configuration file using command:
  • $ sudo visudo -f sk
• Replace “sk” with your username in the above command.
• Add the following line in it:Defaults timestamp_timeout=30

FAQ

How do I make sudo timeout longer?

If you need to work with that user, I suggest you log in with SSH and run a command with the sudo command (such as sudo apt-get update). Wait six minutes or more, then give the command again. You shouldn’t have to enter a password for sudo. If you wait thirty minutes or more, you should be asked for that password.

How long does sudo password expire?

The user who uses a sudo command usually keeps the password for 5 minutes. However, if the user uses a sudo command, logs out of the server, and then logs back in before the 5 minutes are up, the system does not ask the user for a password.

How do I disable root password expiration?

If it’s not a good idea for the root password to ever expire, this feature can be turned off. To stop the root password from being used: You can use the console in vSphere or SSH to log in to the appliance. Run chage -M -1 root to turn off the timer for the root password.