On Tuesday 16 October 2018 11:37:44 Greg Wooledge wrote: > On Tue, Oct 16, 2018 at 11:28:44AM -0400, Gene Heskett wrote: > > Since leaving a sudo -i laying about is considered a security > > breach, I'm amazed that the -i option doesn't accept a timeout. Say > > in seconds, as if you think it will take 5 minutes to do the job as > > root, sudo -i300, at the ends of which it expires. > > You could set the TMOUT variable in the resulting shell, either > manually or by a setting in some rc file (e.g. /root/.bashrc if that's > what the shell reads).
This would be about as handy as a 2x2 alongside the ear, by making it automatic but fixed. On this machine, 10 minutes is a great plenty to run synaptic, but on the pi, 20 minutes or more would be needed. So whats wrong with the sudo timeout being set at the launch time? And sitting here thinking, thats not a bad idea as you could set a shorter time than it takes to do whatever, in the meantime its timed out, so whenever that utility gets done, the su has long since timed out, leaving no exposure when whatever was launched with root priv's keeps on doing what it does. Best of both IMO. Something to consider, Greg, and thank you. -- Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
