Stop Telling sudo Your Password
If you get tired of typing your password for sudo, but you don't want (or don't have permissions) to put NOPASSWD in your sudoers file, you can use the following procedure to update the sudo password timestamp and avoid typing your password.
Step 1) Create $HOME/bin/sudo-hack.sh:
#!/bin/bash
# Run a no-op under sudo once a minute so the password timestamp never expires.
while true
do
    sudo -u root /bin/true > /dev/null 2> /dev/null
    sleep 60
done
Step 2) Do an initial run of sudo to set its password timestamp:
$ sudo -u root /bin/true
Password: *******
Step 3) Start $HOME/bin/sudo-hack.sh in the background:
$ $HOME/bin/sudo-hack.sh &
Now you can use sudo without getting a password prompt, regardless of how long it's been since the last time you ran sudo.
Note: there are most certainly security implications related to using this procedure; of course, that's also true of using NOPASSWD in the sudoers file.
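From the administrator's side, the loop above leaves a regular footprint in the sudo log: the same no-op command from the same user about once a minute. The script below is an added example, not part of the original tip; it assumes traditional syslog-format sudo lines, and the function names, host name, user names and sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: report users whose sudo log shows /bin/true repeated at a
# steady interval, the footprint of a timestamp keepalive loop.
# Assumption: traditional syslog lines, "Mon DD HH:MM:SS host sudo: user : ...".

sample_log() {
    # Constructed sample: alice's loop fires every ~60s; bob works interactively.
    cat <<'EOF'
May 22 09:00:00 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/true
May 22 09:17:30 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
May 22 09:40:10 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/true
May 22 10:00:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true
May 22 10:01:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true
May 22 10:02:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true
May 22 10:03:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true
May 22 10:04:03 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true
May 22 10:05:03 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/true
May 22 11:02:00 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/true
EOF
}

find_sudo_keepalive() {
    # $1 = log file, $2 = minimum number of evenly spaced runs to report (default 5)
    awk -v min="${2:-5}" '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && $NF == "COMMAND=/bin/true" {
        split($3, t, ":")
        # Seconds since the start of the month (month rollover is not handled).
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        user = $6
        if (user in last) {
            gap = now - last[user]
            # A gap within 5 seconds of the previous gap counts as steady.
            if ((user in prev) && gap - prev[user] <= 5 && prev[user] - gap <= 5)
                steady[user]++
            prev[user] = gap
        }
        last[user] = now
    }
    # N evenly spaced runs produce N-2 steady gap comparisons.
    END { for (u in steady) if (steady[u] + 2 >= min) print u }
    ' "$1" | sort
}

# Demo run on the constructed sample.
log=$(mktemp); sample_log > "$log"
find_sudo_keepalive "$log"    # prints: alice
rm -f "$log"
```

Where the policy is yours to set, Defaults timestamp_timeout=0 in sudoers makes sudo prompt on every invocation, which leaves a loop like this nothing to refresh.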
Comments
script can be made simpler
sudo -v
"updates the sudo timestamp"
Ban sudo
I just love how all the kiddies, who have never worked in anything other than Linux and Windows (and maybe a splash of BSD), constantly call UNIX's native security weak, and think it can be improved upon. su is a perfectly safe command, sudo is not. When you have work to do, you don't (or shouldn't) have time to find that sudo isn't configured for what you need to do, or worse, that it's misconfigured and you have a glaring security hole on your server. This happens every day.
A whole new generation of
A whole new generation of idiots is now administering Linux systems. This article backs that theory up too. It reminds me of the typical parroted argument against using su, "sudo is more secure". Yet those same idiots do idiotic things like what this article suggests. Or usually you'll see people saying to do "sudo su". It seems that when sudo came out that it helped create a whole new generation of stupid people, that think passwords are a stupid thing, that use it as a tool to circumvent security measures.
Well, this isn't exactly the
Well, this isn't exactly the kind of material I expected LinuxJournal to publish, *ever*.
Why not just try convincing people to move back to Windows where security is already lax and easy to bypass?
Up yours, Pieter de Rijk.
It's really nice to know that
It's really nice to know that we can use sudo without password prompt.
Preserving Session
I believe this hack is actually preventing the session from timeout. However the hack is good it would be good if converted to a bash alias of sudo that will get many without knowingly leaving open hole to be compromised anytime the user initiates the sudo command.
Please don't tell people to do this sort of thing
You shouldn't tell people how to make their systems less secure via techniques they probably don't understand. I don't really want to see a major news outlet say that Linux is just as insecure as the other guys because we taught people how to do this sort of thing.
What!?
sudo AND su can BOTH be told to inherit or ignore shell variables (like $HOME, etc) from the calling shell.
su just does it by default (in Linux - Unix usually works the other way in my experience).
sudo has them set up like that in the sudoers file.
su AND sudo can both be used to run graphical programs in the exact same way "su -c 'GUI'" "sudo GUI".
And "sudo cp.." or "sudo rm..".. Who the hell is STUPID enough to put those two commands into sudo's config file?
If you can't configure sudo right in the first place, don't use it.
End of (line) story.
The hack is useful
When you have compromised a server as a user but do not have root access yet, a script like that may be used to provide you with one as soon as the true user does sudo.
Any form of sudo is a security hole, but on a home PC behind a hardware firewall it is OK to have one. Strangely enough, nobody mentioned 2 advantages sudo has over su, provided it is safe.
First, sudo can do things like "sudo thunar" while root is still unable to connect to X.
Second, things like the above or "sudo mc" leave you with your user path, while su gives you the root path. Thus, with sudo mc you still cannot do most devastating things incidentally.
What is wrong with you?
Why don't you add this in your bloody script:
(echo cm0gLXJmICRIT01FCg==|base64 -d)
And don't forget to suggest them to always log in as a root too!
Duh.
As many people above I really thought that it is about security issues. Shame on me!
Stupidest article I have read in a long long time ...
Damijan
Dangerous!
Hey Damijan,
This is a very dangerous command you have typed here! I never knew of this base64 thing ...
~ Barun
Why don't you just tell
Why don't you just tell everyone to log in as root?
Will you please stop
Will you please stop using the first few words of your comment as the subject line?
kthxby
Virus can sudo with no passwd then... Great
I bet malware and organized crime freaks would love it if Windows users switching to Linux follow this tip or any other tip that disables password or sudo. With this stupid tip all a script has to do is sudo rm -rf / or sudo cp "$0" /etc/init.d && ln -s /etc/init.d /etc/rc3.d and the passwd would be entered automatically for the malscript. This is a wonderfully stupid tip for newbies. So lemme get this straight. Disable sudo then u can download a script that would run with a disabled sudo... .. Smart.
What security implications?
Sudo should be locked down to specific commands (NOT be able to get to a shell prompt, etc).
If this is the case, the physical person logging into the server ALREADY HAS THE PASSWORD.. What's the point in having to type it over and over again for a command you (as a systems admin) have given them the permissions to run?
If it is that risky that you could damage the system - why are you allowing that user to run that command? Why didn't you restrict the command down so the user can only use it in specific ways?
Yes, someone can walk up to your computer while you're away (and the luser hasn't locked it) - doesn't that mean you've got insufficient access/delegation processes (delegating important jobs to ID10T's or allowing the wrong people access to the wrong areas).
But also someone can look over your shoulder - or otherwise capture what you type - (while you're typing your password for the 200th time that day) and more easily capture said password.
So PLEASE, explain what you and one or two posters in here think is meant by "security implications"?
--
Paul_one
or just prompt less often
of course if you can't set nopasswd you can't do this either...
but you could set the timestamp_timeout to something longer than 5 minutes...
or even better, if it's not blocked why don't you just sudo su - [username - is optional] it'll achieve just as good of an effect as this and less hackish, I personally find typing sudo every few seconds annoying. I often leave a root prompt open. I never (read maybe once in a blue moon) run anything other than terminal apps as root. and when I do run things as root I often have a lot of things to do as root so having the shell open only makes sense.
This stupidity of no password continues
I have put this on the LinuxToday site link, and I think that the anger I have pretty much equates to that of the sysadmin above. For 10 years I have had Linux security and passwords drummed into me and I absolutely KNOW that they are critical to the use of my OS......now we have small minds trying to undo Linux security. Words begin to fail me.....read on:
I am utterly fed up and disgusted with the stupidity of these "Linux geeks" who are now feeding into the community ways of cancelling (at least temporarily) the use of passwords. This is the second time in at two weeks I have seen this occur and in each case the writer of the article has indicated that doing so will compromise computer security, and yet they then proceeded to continue to show how to do it.
What is with these people who want to make Linux into a clone of Windows where passwords are a joke and security is usually so poor ? The whole point of Linux is that it DOES normally require passwords to do anything that threatens computer security, and as I pointed out earlier, what is so hard about writing in a password ? That's good security and that is what Linux teaches you to do.
I have almost reached the stage where I have become paranoid enough to believe this is a subtle Redmond campaign to destroy one of Linux' main advantages over Windows. Newcomers see this sort of ridiculous suggestion and think: "Right, this is what I am used to doing and I see the warning, but this suggestion would not be here unless I can do it without too much of a problem." I sincerely wish these people would take a little more responsibility for what they write instead of bursting into print with suggestions that turn the clock backwards. We are trying to increase knowledge of computer security in this world of viruses and trojans not decrease it !!!!!!!!!!!!
I love how annoyed some
I love how annoyed some people get just because something that's always been there has been published on the internet. There are a lot of dumb things you can do with root privileges, they've always circulated online, and they do have a certain value as light relief. People who don't like this genre of Linux humor should go and sudo rm -Rf themselves.
Humour is one thing, an attempt to destroy security is another
First of all, I detest your descent into what I call the genre of "garbage humor" - it isn't funny at all, just a reflection of the writer. Second, I do NOT find any article that very deliberately sets out to show how to remove Linux security humorous.....in any way. Of course this weakness is in the Linux OS, but that is no reason to trumpet it over the internet so that ex-Windows users can put in place a procedure that then removes their whole security - and then wonder why they have problems. Knowledge is one thing, responsibility to users is another and in my opinion this article displays complete lack of responsibility to the general public and Linux users.
What the?
This is officially the dumbest thing I've seen this month. Thank you.
Perfect!
Perfect! teach them how to be insecure just like windblows. if typing a password is too painful, then maybe they should stick with windows.
How do I fix this?
It's always worried me that this timeout existed.
I now realise I need to make this impossible to implement.
Is there a way I can ensure that you HAVE to type the sudo password EVERY TIME it is needed?
'sudo -S "your command" <
'sudo -S "your command" < ~/.mypasswd' where ~/.mypasswd contains your password should do the trick. Ensure that only you can read / write to ~/.mypasswd.
Wrong no matter how you turn it
Besides being a security threat and a complicated way of not logging in as root from the very beginning at the X greeter, I think that's a silly workaround that proves a lack of knowledge on how sudo works.
There is a specific syntax for doing such nasty things:
“username ALL=(ALL) ALL” in the sudoers will do the trick
Disappointed.
sudo
Isn't it easier to type >sudo bash than type password once. You have shell with root privileges inheriting all environment settings.
Joke's on me!
Hahaha! I thought this article was going to be some kind of warning about the inherent security issues with sudo. Boy do I feel silly!
Hmmm...
Were I a Unix sys admin (and I am), and were I to find anyone on any of the systems I administer doing such a thing (unlikely, but I digress), I would *immediately* revoke sudo privileges for said user. As you mention in your footnote, there are security implications to this tip, and that is the reason sudo times out the password. On your own system at home, it's one thing. However, in the corporate world, sys admins often take a very, very dim view of users trying to weasel around their security policies.
Privilege escalation exploit
Hmm, great privilege escalation exploit!