[sudo-users] Disable credential caching at the user level
Jason Franklin
jason at oneway.dev
Tue Dec 27 19:23:06 MST 2022
On Tue, Dec 27, 2022 at 03:28:52PM -0700, Todd C. Miller wrote:
> On Tue, 27 Dec 2022 16:30:43 -0500, Jason Franklin wrote:
> > Is it possible to disable credential caching at the user level even if
> > the system policy allows it?
> >
> > I would like the ability to disable "sudo" credential caching for my
> > user with my dotfiles without having to bother the admin or alter site
> > policy.
>
> I suppose you could alias sudo to "sudo -k". For example:
>
> alias sudo="sudo -k"
>
> That would only work for interactive use and not in shell scripts.
> Using a shell function instead of an alias is another option.
Yes, an alias or a wrapper script seems like the best I can do at the
moment. As you noted, there will always be situations where the alias
or wrapper might be bypassed. :/
I do wish there were some way to inform sudo that I don't want my
credentials cached in any context.
I suppose a wrapper will do for now. :)
Thanks,
--
Jason Franklin
More information about the sudo-users
mailing list