Sudo Or Die

January 14th, 2010

Dave Dribin offers a couple really handy tips for modifying the behavior of the “sudo” command-line tool, which allows ordinary admin users to acquire superuser powers for editing files, changing permissions, etc.

Handy Sudo Settings – Dave Dribin’s Blog

I knew about the ability to change the sudo timeout, but have never gotten around to looking into exactly how it’s done. Now, I’ll be annoyed a lot less often when I’m in an “administrative” frame of work.

Dave’s post inspired me to finally do a little more research into sudo and the configuration options. For starters, now that I’ve upped my timeout value to something longer than the default 5 minutes, I might want to occasionally “logout” of my sudo authenticated session. The “kill” option does just this, putting you back in a “password required” state:

% sudo -k

As for the options Dave described, they and many others like them are described in the “sudoers” man page:

% man 5 sudoers

Hmm. What’s this option called insults? I turned it on, but Apple appears to have “cleaned up” this option in Mac OS X. It doesn’t do anything. On the Linux installation that runs red-sweater.com, I turned on the option to see what would happen:

yarn% sudo ls
daniel's password: 
... and it used to be so popular...
daniel's password: 
You do that again and see what happens...
daniel's password: 
It's only your word against mine.
sudo: 3 incorrect password attempts

One of the things I love about UNIX heritage is the sense of humor that pervades most of the software. The Mac used to have much more of this itself. I guess we traded it in for a greater sense of professionalism and solidity, but I still miss the corny humor sometimes.

7 Responses to “Sudo Or Die”

  1. hawkman Says:

    The Mac used to have much more of this itself. … I still miss the corny humor sometimes.

    Me too! Then again, we do still have gems like the BSOD generic PC icon. Which, as I recall, didn’t go down so well with the comedically challenged; so maybe it’s a good thing there isn’t a lot more of this sort of thing?

  2. just jon Says:

    It is, of course useful for making a sandwich.

    jon

  3. leeg Says:

    I remember an argument on the FreeBSD development list between Apple’s head of BSD engineering (Jordan K. Hubbard) and, well, the rest of the whole known universe, over whether Apple would consider it appropriate to accept upstream source for Darwin that used the EDOOFUS error code. EDOOFUS was used to indicate programmer error in calling an API that was detected at runtime.

  4. Jim Mock Says:

    If you need prolonged admin access, you can do ‘sudo -s’, which will dump you into a root shell without worrying about timeouts.

  5. Chris Hubbard Says:

    As for the lack of humor, I really miss Clarus. Moof!

  6. Dan W. Says:

    It’s sad that the insults are compiled in via header files so to get them on OS X you’d need to recompile. You can see the insults in the Darwin source [0] but I’m guessing Apple decided to disable them. Maybe it’s time for a radar on the matter.

    [0] at http://www.opensource.apple.com/source/sudo/sudo-46/src/ any file that matches ins_*.h

  7. Eric Schulman Says:

    One of the things YOU should love about UNIX is running as root like a real man. Sudo is for children and ubuntu.

Comments are closed.

Follow the Conversation

Stay up-to-date by subscribing to the Comments RSS Feed for this entry.