[sudo-users] retrieving the remain time of a cached credential
Dennis Schwartz
dennis.schwartz at protonmail.com
Tue Sep 17 10:27:42 MDT 2019
Hi,

I was wondering if it is possible to get the time left before a cached
credential expires.

I understood that sudo stores the timeout information for credential
caching in the file `/var/run/sudo/ts/<user>`. While this file is not
readable by anyone except root, I was wondering if it is still possible
for a normal user to check if their credentials are cached or
not *without updating the timestamp file*.

After some searching on the Internet, I found two techniques to check
if a user has their credential cached:

* `sudo -S </dev/null true 2>/dev/null; echo $?` [1]
  (doesn’t send a security email)
* `sudo -n true 2>/dev/null; echo $?` [1,2]
  (sends a security email)

However, both these commands update the cached credential while I only
want to check whether a credential is cached or not.

The only workaround I have seen is to prevent sudo from writing to the
timestamp file by temporarily setting `limit filesize 0`. (Which might
be considered a security issue since it prevents sending the email as
well.)

Is there a recommended way of achieving this?

Kind regards,
Dennis

[1] https://askubuntu.com/questions/838850/
[2] https://unix.stackexchange.com/questions/412609/