-2
在linux中,如果我打開終端模擬器並運行命令sudo
,它會提示輸入密碼。但隨後的sudo
調用不會提示輸入密碼。如果有人在ssh shell中調用passwd,我是否需要sudo作爲sudo?
但是,如果在用戶第一次在終結器模擬器窗口內進行身份驗證之後,用戶的密碼與passwd
一起更改會怎樣? sudo
是否順利通過,還是需要用戶再次輸入?
在linux中,如果我打開終端模擬器並運行命令sudo
,它會提示輸入密碼。但隨後的sudo
調用不會提示輸入密碼。如果有人在ssh shell中調用passwd,我是否需要sudo作爲sudo?
但是,如果在用戶第一次在終結器模擬器窗口內進行身份驗證之後,用戶的密碼與passwd
一起更改會怎樣? sudo
是否順利通過,還是需要用戶再次輸入?
取決於配置在/ etc/sudoers文件
通常羯羊它在時間的變化與否,用戶可以調用sudo的長達5分鐘,而無需再次輸入密碼,但可以重新配置在/ etc/sudoers文件
看到男人的sudoers 搜索timestamp_timeout
我的系統上讀取
timestamp_timeout
Number of minutes that can elapse before sudo will ask for
a passwd again. The timeout may include a fractional com‐
ponent if minute granularity is insufficient, for example
2.5. The default is 5. Set this to 0 to always prompt
for a password. If set to a value less than 0 the user's
time stamp will not expire until the system is rebooted.
This can be used to allow users to create or delete their
own time stamps via 「sudo -v」 and 「sudo -k」 respectively.
and
sudoers uses per-user time stamp files for credential caching. Once a user
has been authenticated, a record is written containing the uid that was used
to authenticate, the terminal session ID, and a time stamp (using a mono‐
tonic clock if one is available). The user may then use sudo without a
password for a short period of time (5 minutes unless overridden by the
timestamp_timeout option). By default, sudoers uses a separate record for
each tty, which means that a user's login sessions are authenticated sepa‐
rately. The tty_tickets option can be disabled to force the use of a single
time stamp for all of a user's sessions.