多次使用 sudo 时系统未征求我的同意

Question 1

从man sudoers

 sudoers uses time stamp files for credential caching.  Once a user has
 been authenticated, the time stamp is updated and the user may then use
 sudo without a password for a short period of time (5 minutes unless
 overridden by the timeout option). 

 timestamp_timeout
                   Number of minutes that can elapse before sudo will ask
                   for a passwd again.  The timeout may include a frac-
                   tional component if minute granularity is insufficient,
                   for example 2.5.  The default is 5.  Set this to 0 to
                   always prompt for a password.  If set to a value less
                   than 0 the user's time stamp will never expire.  This
                   can be used to allow users to create or delete their
                   own time stamps via ``sudo -v'' and ``sudo -k'' respec-
                   tively.

这意味着您可以运行visudo并添加此行：

Defaults timestamp_timeout=0

通过该值，我们可以看到没有凭证缓存：

$ sudo id
[sudo] password for sweh: 
uid=0(root) gid=0(root) groups=0(root)
$ sudo id
[sudo] password for sweh: 
uid=0(root) gid=0(root) groups=0(root)
$

Answer

从man sudoers

 sudoers uses time stamp files for credential caching.  Once a user has
 been authenticated, the time stamp is updated and the user may then use
 sudo without a password for a short period of time (5 minutes unless
 overridden by the timeout option). 

 timestamp_timeout
                   Number of minutes that can elapse before sudo will ask
                   for a passwd again.  The timeout may include a frac-
                   tional component if minute granularity is insufficient,
                   for example 2.5.  The default is 5.  Set this to 0 to
                   always prompt for a password.  If set to a value less
                   than 0 the user's time stamp will never expire.  This
                   can be used to allow users to create or delete their
                   own time stamps via ``sudo -v'' and ``sudo -k'' respec-
                   tively.

这意味着您可以运行visudo并添加此行：

Defaults timestamp_timeout=0

通过该值，我们可以看到没有凭证缓存：

$ sudo id
[sudo] password for sweh: 
uid=0(root) gid=0(root) groups=0(root)
$ sudo id
[sudo] password for sweh: 
uid=0(root) gid=0(root) groups=0(root)
$

Question 2

Sudo 会在给定时间内记住您的密码（默认为 5 分钟）。有些人发现，当他们连续输入许多带前缀的命令时，这很方便。您可以通过编辑（以 root 身份）文件并更改来sudo禁用此功能/etc/sudoers

timestamp_timeout=N

到

timestamp_timeout=0

稍后，如果您发现自己想要以 root 身份执行许多命令，您可以随时输入sudo su它将以 root 身份打开一个新 shell。

信用：https://scottlinux.com/2012/08/04/change-sudo-default-password-timeout/

Answer

Sudo 会在给定时间内记住您的密码（默认为 5 分钟）。有些人发现，当他们连续输入许多带前缀的命令时，这很方便。您可以通过编辑（以 root 身份）文件并更改来sudo禁用此功能/etc/sudoers

timestamp_timeout=N

到

timestamp_timeout=0

稍后，如果您发现自己想要以 root 身份执行许多命令，您可以随时输入sudo su它将以 root 身份打开一个新 shell。

信用：https://scottlinux.com/2012/08/04/change-sudo-default-password-timeout/

多次使用 sudo 时系统未征求我的同意

答案1

答案2

相关内容