Advanced tips and tricks for using sudo
Now that we've looked at the basics of setting up a good sudo configuration, we're confronted with a bit of a paradox. That is, even though sudo is a security tool, certain things that you can do with it can make your system even more insecure than it was. Let's see how to avoid that.
The sudo timer
By default, the sudo timer is set for 5 minutes. This means that once a user performs one sudo
command and enters a password, he or she can perform another sudo
command within 5 minutes without having to enter the password again. Although this is obviously handy, it can also be problematic if users were to walk away from their desks with a command terminal still open. If the 5 minute timer hasn't yet expired, someone else could come along and perform some root-level task. If your security needs require it, you can easily disable this timer by adding a line to the Defaults
section of the sudoers
file. This way, users will have to enter their passwords every...