Sudo Or Die
January 14th, 2010Dave Dribin offers a couple really handy tips for modifying the behavior of the “sudo” command-line tool, which allows ordinary admin users to acquire superuser powers for editing files, changing permissions, etc.
Handy Sudo Settings – Dave Dribin’s Blog
I knew about the ability to change the sudo timeout, but have never gotten around to looking into exactly how it’s done. Now, I’ll be annoyed a lot less often when I’m in an “administrative” frame of work.
Dave’s post inspired me to finally do a little more research into sudo and the configuration options. For starters, now that I’ve upped my timeout value to something longer than the default 5 minutes, I might want to occasionally “logout” of my sudo authenticated session. The “kill” option does just this, putting you back in a “password required” state:
% sudo -k
As for the options Dave described, they and many others like them are described in the “sudoers” man page:
% man 5 sudoers
Hmm. What’s this option called insults? I turned it on, but Apple appears to have “cleaned up” this option in Mac OS X. It doesn’t do anything. On the Linux installation that runs red-sweater.com, I turned on the option to see what would happen:
yarn% sudo ls daniel's password: ... and it used to be so popular... daniel's password: You do that again and see what happens... daniel's password: It's only your word against mine. sudo: 3 incorrect password attempts
One of the things I love about UNIX heritage is the sense of humor that pervades most of the software. The Mac used to have much more of this itself. I guess we traded it in for a greater sense of professionalism and solidity, but I still miss the corny humor sometimes.