Is it possible to enter password for sudo only once, and configure it to not require for password on other terminals?

I enter my first sudo command. I enter my password. For a while, I wont have to enter my password for subsequent sudo commands.

Now the question. I am someone who opens a lot of terminals. It would be very convenient if I don’t have to enter passwords when I use sudo in the terminals I open after my first sudo, for the short time when I wont have to enter password for sudo in the terminal from which I have used sudo for the first time. (Sorry for the long sentence!)

Is it possible? If not, why? If yes, how?

Asked By: daltonfury42

||

Sure it is. Run sudo visudo and add this line to your sudoers file:

Defaults        !tty_tickets

As explained in man sudoers:

 tty_tickets       If set, users must authenticate on a per-tty basis.
                   With this flag enabled, sudo will use a separate record
                   in the time stamp file for each tty.  If disabled, a
                   single record is used for all login sessions.  This
                   flag is on by default.

By setting tty_tickets to off (that’s what the ! means), you enable a single authentication to be shared by multiple sessions.

Answered By: terdon

So here is what you want to do to only have sudo ask for your password once per boot:

/etc/sudoers.d/00_prompt_once:

## Only ask for the password once for all TTYs per reboot.
## See https://askubuntu.com/a/1278937/367284 and
##     https://github.com/hopeseekr/BashScripts/
Defaults !tty_tickets
Defaults timestamp_timeout = -1
Answered By: Theodore R. Smith

In your sudoers.d file

sudo EDITOR=vim visudo -f /etc/sudoers/<filename>

Add the following:

Defaults    timestamp_timeout=-1

man sudoers reveals the following:

sudoers uses per-user time stamp files for credential caching. ...  The user may then use sudo without a password for a short period of time  (15 minutes unless overridden by the timestamp_timeout  option). ...   The timestamp_type option can be used to select the type of time stamp record  sudoers will use.

Further down:

 timestamp_timeout
                   Number of minutes that can elapse before sudo will ask for a passwd again.  The timeout may include a fractional component if minute granularity is insufficient, for example 2.5.  The default is 15.  Set
                   this to 0 to always prompt for a password.  If set to a value less than 0 the user's time stamp will not expire until the system is rebooted.  This can be used to allow users to create or delete their own
                   time stamps via “sudo -v” and “sudo -k” respectively.
Answered By: Alexander McConaughey