Barnaby Brown barnaby_brown at
Mon Jun 11 21:42:04 EDT 2001

On Mon, Jun 11, 2001 at 06:42:51PM -0600, John E Hein at work wrote:
> I have the need to be able to run a script that takes a long time that
>  only needs sudo privs at a few strategic points in the script.
> I would like to be able to enter my password at the beginning of the run,
>  but not run as su until a sudo is actually executed.  In essence something
>  could securely store the sudo credential until needed.

That would be a 'sudo -v', as I see you already know.

To avoid the 5 minute timeout, override the 'timestamp_timeout' setting
in sudoers.

If you're running this as the 'build' user, something like:

Defaults:build		timestamp_timeout=1440

That will keep authentication for 24 hours for that user.

To return some semblance of security, you might want to restrict that
user's authentication ticket to the one tty:

Defaults:build		timestamp_timeout=1440,tty_tickets

Barnaby Brown                            -              Systems Engineer
Pacific Internet (Australia) Pty Ltd     -

More information about the sudo-users mailing list