When using sudo on Linux, it asks for the root password, but only the first time you run it. If you run another sudo command, it remembers you already entered the password previously and doesn't ask for it:
thomas@ubuntu:~$ sudo id
[sudo] password for thomas: ******
uid=0(root) gid=0(root) groups=0(root)
thomas@ubuntu:~$ sudo id
uid=0(root) gid=0(root) groups=0(root)
How does sudo do it? Where is this information stored? My idea is that it remembers the terminal id (like pts/1), but where is this stored? The first sudo process is ended when it's done with the command, right?
I know sudo is a setuid program, so it has root's privileges all the time, but I still can't think of a good place to store the information that a user has already entered a password. Is there some daemon process involved?
Best Answer
It's probably under /var/db/sudo or /var/run/sudo, and you'll probably find directories of usernames with files under them ordered by tty number.

The actual privileges granted, including how long the session lasts before you have to enter your password again, depend on how sudoers is set up. There are settings to grant/restrict a lot of different things, but those aren't stored in these files, which only store timestamps. How long a session lasts, or when sudo needs to prompt for your password again, is determined by a delta of current time and the session timestamp in this directory, and how long sudo is set up to allow a session to last.
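The delta check described in the answer, as an added example (not part of the original answer and not sudo's own code). It assumes the per-user, per-tty layout from the answer and that each file's modification time is the timestamp; the 15-minute timeout and the sample users are constructed, and treating a timestamp ahead of the clock as untrusted is this example's choice.

```python
import os
import tempfile
import time

def session_status(ts_dir, timeout_minutes, now=None):
    """Return {(user, tty): (age_seconds, state)} for every timestamp file.

    state is "valid" (no prompt), "expired" (prompt again) or
    "future" (timestamp ahead of the clock, treated here as untrusted).
    """
    now = int(time.time()) if now is None else now
    limit = timeout_minutes * 60
    result = {}
    for user in sorted(os.listdir(ts_dir)):
        user_dir = os.path.join(ts_dir, user)
        if not os.path.isdir(user_dir):
            continue
        for tty in sorted(os.listdir(user_dir)):
            # Assumption: the file's mtime is the session timestamp.
            stamp = os.lstat(os.path.join(user_dir, tty)).st_mtime
            delta = now - stamp
            if delta < 0:
                state = "future"   # clock was moved back or file was tampered with
            elif delta <= limit:
                state = "valid"
            else:
                state = "expired"
            result[(user, tty)] = (round(delta), state)
    return result

def build_sample(root, now):
    """Constructed sample tree: <root>/<user>/<tty>, ages set via mtime."""
    ages = {("thomas", "1"): 120, ("thomas", "2"): 3600, ("alice", "0"): -600}
    for (user, tty), age in ages.items():
        os.makedirs(os.path.join(root, user), exist_ok=True)
        path = os.path.join(root, user, tty)
        open(path, "w").close()
        os.utime(path, (now - age, now - age))

if __name__ == "__main__":
    now = int(time.time())
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, now)
        for key, value in session_status(root, 15, now).items():
            print(key, value)
```

Run against a temporary directory it builds itself, the script needs no root access; pointing it at a real timestamp directory requires root because that directory is not world-readable.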