Password question.
Paul Rumelhart
godshatter at yahoo.com
Sun Nov 23 22:53:06 UTC 2008
Steven Vollom wrote:
> Let me see if I understand what you are suggesting. When I find this
> place to set its value, if I set the value at, let's say, -1, the system
> will stay in root until I shut down the system and only reappear when I
> boot again? I could still work from a shell, but when wanting to work
> in Root, I could click on a Root Shell and it would be password-entered
> when I did?
>
> I don't yet understand the purpose of timestamps via sudo -v and sudo -k
> respectively. Since you have read my situation, is this relevant to my
> need? It is my impression that passwords are basically to make a
> computer safe from hacker entry and from busy-eyes. Since I am alone,
> the only concern I see for me is my laptop, because I never have anyone
> in my home that I don't completely trust when I am on the computer. If
> the Water Meter reader came in to read the meter, I would simply stop
> working and attend to them, safe and secure. Most is for business
> related security, isn't it? Thanks!
>
> Steven
>
I think he's assuming that one reason you don't want to type a large
password into sudo all the time relates to your needing to use it fairly
often. By setting the timeout to a much larger value, you'll have to
type your password into sudo less often. If you generally need to do a
command that needs sudo once every couple of hours, then you'll end up
typing your password into sudo each time unless you make the timeout
last longer than two hours.
Depending upon your security concerns, you might want to make this a
smaller value than 300, but larger than 5. The five minute default is
meant to protect against someone sneaking in after you have left your
computer and typing a dangerous command in to mess with your system.
For that to work, they would have to be quick, lucky, and would have to
be really knowledgeable about what they're doing. From what it sounds
like to me, you should not have to worry much about having a higher
timeout value, since no one will be walking up and messing with your
computer while you are there. If someone breaks in, then they'll just
take the computer anyway.
If you worked in an office environment where someone could conceivably
walk in and sit at your computer while you are at lunch or in a meeting
and mess with your system, then you would probably need to stick with
the five minute timeout.
Paul
More information about the kubuntu-users
mailing list