What do you think of the sudo timeout / grace period?

[aysiu]

You may not be aware of this behavior, but when you perform an administrative function (for example, installing a new program), your authentication gets cached for a bit (15 minutes, I believe... maybe 5 minutes), and you won't be prompted again for your password if you perform a second or third administrative function within that grace period (otherwise known as the sudo timeout).

I'm not sure what to think of this.

On the one hand, it seems rather insecure. After all, isn't the whole point of having password authentication that it provides a layer of security? Would it be possible for something to piggyback your authentication and launch some kind of malware without your permission? And, if not, why have password authentication at all? Why not keep it permanently cached?

On the other hand, assuming it isn't the optimal security implementation, would getting rid of the timeout just frustrate new users even more and bring us more "I just want to log in as root all the time! This is my computer, after all" threads? In other words, would tightening that security just lead to more people getting rid of the security measure altogether?

What do you think?

Like the sudo timeout? Don't like it and want to get rid of it? Don't like it but think the alternative would be worse? Don't really care? Didn't even notice there was one?

I'm really curious as to what people's opinions on this are.

Thanks in advance for your two cents or pence (or whatever a pittance is in your currency).

[will1911a1]

It always made me nervous. I'm much more comfortable using su to log in as root and then exiting out after I'm done.

[Mazza558]

It can be summed up in 3 words:

A Necessary Evil.

It's a compromise between security and usability.

[insane_alien]

i think its fine. nobody but me can sudo and i only very rarely use it at that.

if you use sudo all the time and you are not a sysadmin of a large network then your using your computer wrong.

[FuturePilot]

I feel the same as aysiu. I'm not sure. In a way it's a little more convenient. You can perform multiple administrative tasks in that period and only have to enter your password once. But I've often wondered myself if it would be possible for some code to execute itself as root within that time period. But I think if we were to get rid of it and require the password every time you perform an administrative task, we would start seeing comments like "it's Vista UAC, Aaahhh!"

[jken146]

I usually change the timeout to zero (in case anyone's interested, you add ,timestamp_timeout=0 to the Defaults line in /etc/sudoers) but that is more to protect me from my own typos and silly mistakes than from outside threats.

This issue is really a little moot for those who know the command sudo -i

[Xzallion]

I really like it. I can't really see any easy way for it to be exploited (I can see ways, but I think I would catch them.) It really makes it easy on a fresh install to get what you need, and do a few commands without being slowed down.

I think it should be configurable and be allowed to be disabled for users that it bothers, but for me I hope it stays. Its done nothing but make my (K)Ubuntu experience more enjoyable.

[Xzallion]

Sorry, for some reason it double posted.

[munkyeetr]

I always disable the grace period. I don't mind plugging in a password.

[phrostbyte]

I completely support it. I don't want Ubuntu to turn into the Vista UAC mess.

Besides it's easily configurable (via config files). In the future though I think Ubuntu should have an Administration applet that lets you configure many different security aspects for yourself in a user friendly manner. Some systems need the better security, and eliminating the grace period and interactive login makes sense (for instance in corporate networks).