Sudo is almost perfectly configured out of the box but the one thing I find a little irritating is the short default timeout for the session. I’m not against having a timeout but I’m the only person that has physical access to my machine and if some has gained remote access and has set up a sudo session once then having a five minute timeout doesn’t really help. Also, when I work at the command prompt I tend to do so for an extended period taking frequent short breaks to check notes or read up on what I’m doing, having to re-enter my password after every break gets boring fast. For those reasons I up the timeout of a sudo session.
Editing the sudo configuration is a little different to most configuration files as it’s very important you don’t screw up. For that reason there is a special tool called visudo. Visudo, amongst other things, locks the /etc/sudoers file to prevent multiple people editing it at the same time and performs some sanity checks to prevent some bad configurations.
To begin editing the configuration of sudo enter the command:
sudo visudo
At the top of the configuration file you’ll see some settings like this:
Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
After the first line add the setting:
Defaults timestamp_timeout=30
This will give you a session of 30 minutes rather than the default 5. Save the file and exit the editor and you’re done.
It is possible to totally disable the password prompt for a particular user with the command:
Defaults:username !authenticate
I strongly advise against that though as it’s a security disaster.