sudo-agent
John E Hein at work
jhein at timing.com
Tue Jun 12 15:19:31 EDT 2001
> Date: Tue, 12 Jun 2001 11:42:04 +1000
> From: Barnaby Brown <barnaby_brown at pacific.net.au>
> To: sudo-users at courtesan.com
> Subject: Re: sudo-agent
>
> On Mon, Jun 11, 2001 at 06:42:51PM -0600, John E Hein at work wrote:
> > I have the need to be able to run a script that takes a long time that
> > only needs sudo privs at a few strategic points in the script.
> >
> > I would like to be able to enter my password at the beginning of the run,
> > but not run as su until a sudo is actually executed. In essence something
> > could securely store the sudo credential until needed.
>
> That would be a 'sudo -v', as I see you already know.
>
> To avoid the 5 minute timeout, override the 'timestamp_timeout' setting
> in sudoers.
>
> If you're running this as the 'build' user, something like:
>
> Defaults:build timestamp_timeout=1440
>
> That will keep authentication for 24 hours for that user.
>
> To return some semblance of security, you might want to restrict that
> user's authentication ticket to the one tty:
>
> Defaults:build timestamp_timeout=1440,tty_tickets
But I don't want to change the defaults. They are fine most of the time.
Also I don't want someone to be able to come along, kill my script and
get sudo privs because the timeout is so long. I would prefer that the
sudo priv simply goes away if the script exits.
More information about the sudo-users
mailing list