How to make sudo require a password for each attempt.
By default sudo has its own cache which allows users who have authenticated, to bypass subsequent authentications for 5 minutes. At which time the next sudo request will require them to enter their password again. This holds true even if the user logs out of the system and back in. As long as it has been within 5 minutes, their sudo request will not require a password.
This behaviour can be controlled by added the following line to the sudoers file. This option is set in minutes, 5 being the default if no entry is found.
Defaults timestamp_timeout = 0
This needs to be added using the visudo editor.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center