For some reason, I suddenly do not need to enter the password when issuing sudo some_cmd.
Entered command just runs without ever prompting password, even if I am not logged in as user root. Commands that need root privileges still need to be invoked with sudo though. I am on Ubuntu 10.04.
Any idea what might have caused this?
Best Answer
Say
sudo -K, then retry your test. If it starts asking again, all that was happening is that you hadsudoconfigured to remember your password for some time.On top of this, Ubuntu's default
sudoconfiguration makes it remember your credentials acrossttys. This affectssshsessions, as you've discovered, since each newsshconnection looks like a new terminal to the low-level OS code.This also affects things like the graphical Terminal app. If you authenticate with
sudo, then create a new tab with Ctrl-Shift-T, you'll find that you don't need to give a password tosudoagain in that tab, despite the fact that it also creates a newtty. You can even close the Terminal app entirely, and as long as you restart it within the normal password timeout,sudowill run without requiring you to re-enter your password. This behavior may be enough to make you decide you want to keep this feature enabled.Mac OS X works this way these days, too.
Not all *ixes do. Red Hat Enterprise Linux (and derivatives like CentOS) insist on getting the password on each new
tty.You can disable both behaviors by changing the
Defaultsline in/etc/sudoersto something like this:The
env_resetbit should be there already, and isn't relevant hereThe
timestamp_timeoutdirective tells it to immediately time out eachsudosession. It's like sayingsudo -Kafter every normalsudocommand.The
tty_ticketsdirective ensures that it associates credentials with thettythey were used on, not just the user name. This is supposed to be the default already, and is documented as such on Ubuntu, but they must have built their distribution ofsudoto disable this option, for the convenience reasons given above.