require sudo password for specific commands – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.
But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, debian, password, sudo, .
I’m trying to force a password on specific commands with sudo everytime of execution regardless if the password has been entered a second ago.
Is there a way of doing that?
Every search result on google just explains on how to remove the password prompt with NOPASSWD which is ok but I still want SPECIFIC commands to get a password prompt every time they get executed even if the password was just entered a second ago.
My approach was this:
Defaults !authenticate Cmnd_Alias WITHPW = rm -R, shutdown, Defaults:WITHPW authenticate
Can someone explain if thats the right way or what can I do?
There’s a difference between two options:
If set, users must authenticate themselves via a password
(or other means of authentication) before they may run commands. This
default may be overridden via the
NOPASSWDtags. This flag
is on by default.
Number of minutes before the sudo password prompt times
0for no timeout. The timeout may include a fractional
component if minute granularity is insufficient, for example
While you can set both per
passwd_timeout is the correct option for what you are trying to achieve.
Then, let’s look at the syntax for
Default_Type ::= 'Defaults' | 'Defaults' '@' Host_List | 'Defaults' ':' User_List | 'Defaults' '!' Cmnd_List | 'Defaults' '>' Runas_List Default_Entry ::= Default_Type Parameter_List Parameter_List ::= Parameter | Parameter ',' Parameter_List Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter
When specifying a
Cmnd_Alias you need
! prefix, resulting:
Cmnd_Alias WITHPW = /usr/bin/rm -R, /usr/sbin/shutdown Defaults:!WITHPW passwd_timeout=0