Password question.

Paul Rumelhart godshatter at yahoo.com
Sun Nov 23 22:53:06 UTC 2008 

Steven Vollom wrote:
> Let me see if I understand what you are suggesting.  When I find this 
> place to set its value, if I set the value at, let's say, -1, the system 
> will stay in root until I shut down the system and only reappear when I 
> boot again?  I could still work from a shell, but when wanting to work 
> in Root, I could click on a Root Shell and it would be password-entered 
> when I did?
>
> I don't yet understand the purpose of timestamps via sudo -v and sudo -k 
> respectively.  Since you have read my situation, is this relevant to my 
> need?  It is my impression that passwords are basically to make a 
> computer safe from hacker entry and from busy-eyes.  Since I am alone, 
> the only concern I see for me is my laptop, because I never have anyone 
> in my home that I don't completely trust when I am on the computer.  If 
> the Water Meter reader came in to read the meter, I would simply stop 
> working and attend to them, safe and secure.  Most is for business 
> related security, isn't it?  Thanks!
>
> Steven
>   

I think he's assuming that one reason you don't want to type a large 
password into sudo all the time relates to your needing to use it fairly 
often.  By setting the timeout to a much larger value, you'll have to 
type your password into sudo less often.  If you generally need to do a 
command that needs sudo once every couple of hours, then you'll end up 
typing your password into sudo each time unless you make the timeout 
last longer than two hours. 

Depending upon your security concerns, you might want to make this a 
smaller value than 300, but larger than 5.  The five minute default is 
meant to protect against someone sneaking in after you have left your 
computer and typing a dangerous command in to mess with your system.  
For that to work, they would have to be quick, lucky, and would have to 
be really knowledgeable about what they're doing.  From what it sounds 
like to me, you should not have to worry much about having a higher 
timeout value, since no one will be walking up and messing with your 
computer while you are there.  If someone breaks in, then they'll just 
take the computer anyway.

If you worked in an office environment where someone could conceivably 
walk in and sit at your computer while you are at lunch or in a meeting 
and mess with your system, then you would probably need to stick with 
the five minute timeout. 

Paul

More information about the kubuntu-users mailing list