How to change the time limit for a sudo session

When performing some administrative tasks on the command line with sudo privileges, you might notice this situation: if you enter the sudo password, the command will work fine. For subsequent commands that run shortly after the first sudo command, no password is required. However, after some waiting, if you run the command again with sudo, it will ask for a password. This is all due to the sudo session timeout limit, which defaults to 15 minutes. This time limit means that if you enter the sudo command with a password, your sudo privileges will remain for 15 minutes. This way you do not have to enter the password again for subsequent commands. After 15 minutes, you will have to re-enter the sudo password for any sudo command that you are trying to run.

As a regular system user or administrator, you can increase or decrease this default timeout limit for a sudo session. In this article, we will learn how to change the default restriction for a sudo session. To do this, we will need to make changes to the sudoers file. Please note that we performed the procedure on a Debian 10 system, but it will work on other Linux distributions, such as Ubuntu. The same procedure can be performed on older versions of Debian.

Specify the time for the sudo session

First open a terminal on your Debian OS. Click on the “Actions” tab in the upper left corner of the desktop. Then in the search bar enter the keyword terminal. When the search result appears, click on the terminal icon.

In Terminal, enter the following command to edit the sudoers file.

$ sudo visudo

Remember, do not edit the sudoers file with text editors. Instead, use the above method for this purpose.

When prompted for a password, enter the password for the user sudo. The Sudoers file will open by default in the nano editor, as shown in the following screenshot. Now find the following line in the sudoers file:

Defaults env_reset

Default is env_reset

Edit the above line by adding timestamp_timeout = x to end. It should be:

Defaults env_reset timestamp_timeout=x

Where x is the timeout value that he will wait before requesting sudo password again. If you want the system to ask for a password every time you run the sudo command, set the x value to 0. If you want the system to never ask for the sudo password, set x to -1.

Here we want to reduce the timeout value from 15 minutes to 5 minutes for the sudo prompt. To do this, we replaced x with 5 as follows:

Defaults env_reset,timestamp_timeout=5

15 minute timeout

After that, press Ctrl + o and Ctrl + x to save and exit the file at the same time.

Set sudo session to last until terminal closes

Using a single command, you can allow your terminal’s session to continue until you close the terminal, no matter how long the terminal remains open. After executing the following command, you will not be asked to enter a password for sudo commands.

$ sudo -s

End a sudo session

After you enter the password for sudo, you can pause the sudo session even before the timeout specified in the sudoers file expires. To do this, use the following command:

$ sudo –k

Please note that the above command will not end the session if you run the sudo –s command during a terminal session.

That is all there is to it! I hope this is useful whenever you need to change the time limit for a sudo session. All you need to do is just add one line to your sudoers file and that’s it.

How to change the time limit for a sudo session