当我sudo用来安装某些软件、更新我的系统或任何其他需要我同意的操作时(即说y或n在系统可以继续之前),我只是第一次被要求批准该操作。如果之后我决定sudo再次使用,它不会征求我的同意,而只会执行任务。
所以我的问题是:为什么会这样,我怎样才能让它总是征求我的同意?
从 man sudoers
sudoers uses time stamp files for credential caching. Once a user has
been authenticated, the time stamp is updated and the user may then use
sudo without a password for a short period of time (5 minutes unless
overridden by the timeout option).
timestamp_timeout
Number of minutes that can elapse before sudo will ask
for a passwd again. The timeout may include a frac-
tional component if minute granularity is insufficient,
for example 2.5. The default is 5. Set this to 0 to
always prompt for a password. If set to a value less
than 0 the user's time stamp will never expire. This
can be used to allow users to create or delete their
own time stamps via ``sudo -v'' and ``sudo -k'' respec-
tively.
这意味着您可以运行visudo并添加以下行:
Defaults timestamp_timeout=0
有了这个值,我们可以看到没有凭据缓存:
$ sudo id
[sudo] password for sweh:
uid=0(root) gid=0(root) groups=0(root)
$ sudo id
[sudo] password for sweh:
uid=0(root) gid=0(root) groups=0(root)
$
| 归档时间: |
|
| 查看次数: |
79 次 |
| 最近记录: |