Linux – a safer no password sudo


Ok, here's my problem – Please don't yell at me for being insecure! 🙂 This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

Best Answer

Try adding this to your sudo options:

Defaults timestamp_timeout=0, tty_tickets

tty_tickets option (on by default) will make sudo ask password if it was not asked previously in that particular tty (including terminal emulators ptys), and timestamp_timeout=0 option will make it not ask it again in the whole session.

So, when you want to do some administrative operations, you can open terminal, sudo something, close it, and you will be safe again.