Sudo Scripting – How to Temporarily Disable Sudo Credentials Timestamp Timeout

scriptingsudo

Let's say, I have the following bash script:

#!/bin/bash
sudo command1
command2
sudo command3

I don't want to run command2 as root, so I won't run the script itself with sudo. Therefore, as soon as I execute the script, sudo command1 asks for my password. Unfortunately, command2 takes about 2 hours to complete. So the sudo credentials timestamp timed out and when the script reaches sudo command3, I'm prompted for the password again.

I don't want to permanently disable the sudo credentials timestamp timeout altogether as described in https://superuser.com/a/149740 for example. I just want to disable the timeout temporarily, effectively keep the credentials for this one bash session until it ends.

Best Answer

I think your best bet is a (backgrounded) busy-wait loop that refreshes the sudo timestamp, which you then kill when you no longer need sudo privileges. Here's a sample script; it runs sleep 6 instead of your two-hour command2 and runs visible /bin/echo commands instead of command1 and command2:

#!/bin/sh
sudo /bin/echo command 1
while :; do sudo -v; sleep 1; done &
infiloop=$!
sleep 6
sudo /bin/echo command 3
kill "$infiloop"

For your actual script, I would recommend a looser loop:

#!/bin/sh
sudo command1
while :; do sudo -v; sleep 59; done &
infiloop=$!
command2
sudo command3
kill "$infiloop"

Adjust the sleep 59 to taste, depending on the existing timestamp_timeout setting in sudoers; I chose 59 just to demonstrate a choice you could make if the timestamp timeout was 60 seconds.

Related Question