As an Amazon Associate I earn from qualifying purchases @AMAZON
Extending the 'sudo' Timeout
Related: command line, how-to, optimization, passphrase, security, sudo, Terminal.app
This is a technical article. It deliberately does not explain too much.
In Terminal, the 'sudo' command can be a hard requirement for getting things done in some cases. But timeout can be an issue; it’s inconvenient to enter a password frequently.
On my daily machine at home, I am not concerned about a stranger walking up and having access to the computer. Since the timeout for 'sudo' is too short, so I like to increase it to 30 minutes.
Navigate down with arrow keys, then add this line for 30-minute timeout:
# your comment goes here
sudo -k // requires password every time; does not create timestamp file
sudo -K // forces password re-entry (deletes timestamp file)
Example sudoers file (/private/etc/sudoers)
Shown below is the sudoers file with a timeout of 30 minutes.
Use 'sudo visudoers' to edit, or with care, plain text editor such as TextWrangler.
# sudoers file. # # This file MUST be edited with the 'visudo' command as root. # Failure to use 'visudo' may result in syntax or file permission errors # that prevent sudo from running. # # See the sudoers man page for the details on how to write a sudoers file. # # Host alias specification # User alias specification # Cmnd alias specification # Defaults specification Defaults env_reset,timestamp_timeout=30 Defaults env_keep += "BLOCKSIZE" Defaults env_keep += "COLORFGBG COLORTERM" Defaults env_keep += "__CF_USER_TEXT_ENCODING" Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE" Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME" Defaults env_keep += "LINES COLUMNS" Defaults env_keep += "LSCOLORS" Defaults env_keep += "SSH_AUTH_SOCK" Defaults env_keep += "TZ" Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY" Defaults env_keep += "EDITOR VISUAL" # Runas alias specification # User privilege specification root ALL=(ALL) ALL %admin ALL=(ALL) ALL # Uncomment to allow people in group wheel to run all commands # %wheel ALL=(ALL) ALL # Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL # Samples # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now %admin ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload %users ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload ALL ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload