John E Hein at work jhein at
Tue Jun 12 15:19:31 EDT 2001

 > Date: Tue, 12 Jun 2001 11:42:04 +1000
 > From: Barnaby Brown <barnaby_brown at>
 > To: sudo-users at
 > Subject: Re: sudo-agent
 > On Mon, Jun 11, 2001 at 06:42:51PM -0600, John E Hein at work wrote:
 > > I have the need to be able to run a script that takes a long time that
 > >  only needs sudo privs at a few strategic points in the script.
 > > 
 > > I would like to be able to enter my password at the beginning of the run,
 > >  but not run as su until a sudo is actually executed.  In essence something
 > >  could securely store the sudo credential until needed.
 > That would be a 'sudo -v', as I see you already know.
 > To avoid the 5 minute timeout, override the 'timestamp_timeout' setting
 > in sudoers.
 > If you're running this as the 'build' user, something like:
 > Defaults:build		timestamp_timeout=1440
 > That will keep authentication for 24 hours for that user.
 > To return some semblance of security, you might want to restrict that
 > user's authentication ticket to the one tty:
 > Defaults:build		timestamp_timeout=1440,tty_tickets

But I don't want to change the defaults.  They are fine most of the time.
 Also I don't want someone to be able to come along, kill my script and
 get sudo privs because the timeout is so long.  I would prefer that the
 sudo priv simply goes away if the script exits.

More information about the sudo-users mailing list