[sudo-users] Comparing -k and -K
Jason Franklin
jason at oneway.dev
Tue Dec 27 18:58:45 MST 2022
On Tue, Dec 27, 2022 at 03:35:18PM -0700, Todd C. Miller wrote:
> On Tue, 27 Dec 2022 16:33:11 -0500, Jason Franklin wrote:
> > If I want to revoke permissions in my ~/.bash_logout file, which one of
> > these options is recommended?
> >
> > Is "-K" better/stronger than "-k"?
>
> It depends what you want to achieve. The cached credential file
> generally holds multiple credentials. For example, there is a
> seperate entry for each terminal the user logged in to. Running
> "sudo -k" will invalidate the credentials for the current terminal
> session but will not affect other sessions. Running "sudo -K" will
> remove the entire credential file so it affects all sessions.
Aha! That does explain the difference.
Now I understand why people use "-k" in their logout scripts.
Thank you!
--
Jason Franklin
More information about the sudo-users
mailing list