As an Amazon Associate I earn from qualifying purchases @AMAZON
Extending the 'sudo' Timeout
Related: command line, how-to, optimization, passphrase, security, sudo, Terminal.app
This is a technical article. It deliberately does not explain too much.
In Terminal, the 'sudo' command can be a hard requirement for getting things done in some cases. But timeout can be an issue; it’s inconvenient to enter a password frequently.
On my daily machine at home, I am not concerned about a stranger walking up and having access to the computer. Since the timeout for 'sudo' is too short, so I like to increase it to 30 minutes.
sudo visudo
Navigate down with arrow keys, then add this line for 30-minute timeout:
# your comment goes here
Defaults timestamp_timeout=30
See also
sudo -k // requires password every time; does not create timestamp file
sudo -K // forces password re-entry (deletes timestamp file)
Example sudoers file (/private/etc/sudoers)
Shown below is the sudoers file with a timeout of 30 minutes.
Use 'sudo visudoers' to edit, or with care, plain text editor such as TextWrangler.
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
Defaults env_reset,timestamp_timeout=30
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
%admin ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload
%users ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload
ALL ALL= NOPASSWD: /sbin/kextload, /sbin/kextunload