How to Change Sudo Password Timeout

How to Change Sudo Password Timeout

Sudo privileges allow a user to perform the administrative task on a Linux OS. When we execute a command as sudo, the system asks you to first enter the sudo password. However, for other commands that you run soon after the first command, you are not asked for sudo passwords. This privilege lasts for 15 minutes and within this time, you can use sudo without a password. After 15 minutes of inactivity, each command you run as sudo will ask for the sudo password. This is good as you will not have to worry that someone will gain access and run any administrative command if you are away from your system.

However, there are scenarios when you need this timeout to be less or a little longer than the default value. For example, you may want the system to prompt for a sudo password every time a sudo command is executed. Similarly, you may want the sudo timeout to be a little longer in the case where you are the only person who has physical access to your system.

This post is about how to change sudo password timeout in Linux OS. We will be using Ubuntu 20.04 LTS for demonstration. The same method can be used in other Linux distributions.

Note: If you want to assign a user sudo privileges, visit our guide on How to Add a User to Sudoers on Ubuntu.

Change Sudo Password Timeout

As already discussed, the default time limit for a sudo session is 15 minutes. You can change the default settings from the sudoers file. The steps are as follows:

1. Edit the sudoers file using the command below in Terminal:

$ sudo visudo

Enter sudo password. If you are using Ubuntu OS, the sudoers file will open in Nano editor, for other OS, it may open in Vi.

2. Scroll down to the end of the file and append the below line:

Defaults timestamp_timeout=x

Where “x” is the number of minutes you want sudo to wait before asking you for your password.

This line will change the sudo password timeout for all users on the system. To change the timeout value for a specific user, use the following command instead:

Defaults:user timestamp_timeout=x

If you use “-1” for x, you will not be prompted for a sudo password until you reboot. If you use “0” for x, you will be prompted for a sudo password for each command you run.

Reset Sudo Password Timeout

You can also reset the sudo password timeout by clearing the cached credentials of the user. Teh command is as follows:

$ sudo -k

By doing so, you will be prompted to enter password for the next sudo commands even before the time limit has been reached.

That’s it! I hope now you can easily change the sudo password timeout by adding a single entry in the sudoers file. If you are using Vi instead of Nano, follow the instructions described here.

Similar Posts