sudo-agent
Barnaby Brown
barnaby_brown at pacific.net.au
Mon Jun 11 21:42:04 EDT 2001
On Mon, Jun 11, 2001 at 06:42:51PM -0600, John E Hein at work wrote:
> I have the need to be able to run a script that takes a long time that
> only needs sudo privs at a few strategic points in the script.
>
> I would like to be able to enter my password at the beginning of the run,
> but not run as su until a sudo is actually executed. In essence something
> could securely store the sudo credential until needed.
That would be a 'sudo -v', as I see you already know.
To avoid the 5 minute timeout, override the 'timestamp_timeout' setting
in sudoers.
If you're running this as the 'build' user, something like:
Defaults:build timestamp_timeout=1440
That will keep authentication for 24 hours for that user.
To return some semblance of security, you might want to restrict that
user's authentication ticket to the one tty:
Defaults:build timestamp_timeout=1440,tty_tickets
Barnaby
--
Barnaby Brown - Systems Engineer
Pacific Internet (Australia) Pty Ltd - http://www.pacific.net.au
More information about the sudo-users
mailing list