1
00:00:06,820 --> 00:00:11,740
So behind sudo there is the sudoers
configuration file, and I want to talk about

2
00:00:11,740 --> 00:00:16,660
this configuration file a little bit because
it can be useful to know about it.

3
00:00:17,280 --> 00:00:21,449
You can use the visudo command
to open the /etc/sudoers configuration file.

4
00:00:22,089 --> 00:00:27,399
Notice that visudo will use your EDITOR
variable to start your default editor. So depending

5
00:00:27,399 --> 00:00:32,710
on that variable, you may have nano
or vim or maybe even another editor.

6
00:00:34,229 --> 00:00:39,019
If you don't want to edit
the /etc/sudoers file directly, you

7
00:00:39,019 --> 00:00:43,810
can alternatively add drop-in
files to the /etc/sudoers.d directory.

8
00:00:45,210 --> 00:00:50,825
Now, what do we find in the /etc/sudoers
file? Well, you find a line like %wheel ALL=(ALL)

9
00:00:50,825 --> 00:00:56,439
ALL. On Red Hat, that is. On Ubuntu,
it's slightly different, but the idea is the same.

10
00:00:56,840 --> 00:01:01,140
It allows all users who are a member of
the group wheel to run all commands from all systems.

11
00:01:01,780 --> 00:01:02,899
And that's
the default line.

12
00:01:03,719 --> 00:01:09,250
Now, this line does prompt for a password anytime
sudo is used. If you don't like that, and if

13
00:01:09,250 --> 00:01:14,780
you like to make your system very insecure, you
can use %wheel ALL=(ALL) NOPASSWD: ALL.

14
00:01:15,560 --> 00:01:20,640
Honestly, I don't think you should
ever do that, because that means

15
00:01:20,640 --> 00:01:25,719
that your admin user doesn't need
any additional authentication before using sudo.

16
00:01:26,480 --> 00:01:27,239
That's
dangerous.

17
00:01:28,340 --> 00:01:35,260
A better solution would be to add the following
line to cache the valid sudo credentials for four hours.

18
00:01:36,140 --> 00:01:42,730
As I just mentioned, after entering the password by default,
you get an authentication token that's valid for five minutes.

19
00:01:43,250 --> 00:01:49,980
If you don't like that, you can add this line
to your sudoers configuration file. So Defaults timestamp_type=global.

20
00:01:51,099 --> 00:01:58,033
That part means that no matter how sudo is
coming in over remote connections or local connections, and

21
00:01:58,033 --> 00:02:04,966
then the essential parameter is timestamp_timeout, which is
whichever value in minutes works for you. I like

22
00:02:04,966 --> 00:02:11,900
240, because that's half a day. After lunch, it's
okay if you need to enter your password again.

23
00:02:13,080 --> 00:02:15,599
Let's add this before we
continue with the next video.

24
00:02:16,879 --> 00:02:19,699
Okay, so I'm
using sudo visudo.

25
00:02:20,719 --> 00:02:23,000
After all, we
do need administrative privileges.

26
00:02:23,860 --> 00:02:28,946
Did you notice, by the way, that
on CentOS 10, the title bar of the

27
00:02:28,946 --> 00:02:34,033
terminal window is getting a different color
if you are using elevated privileges? That's an

28
00:02:34,033 --> 00:02:39,120
easy way to figure out if you're
in a normal user shell or not.

29
00:02:40,219 --> 00:02:43,780
Using uppercase G brings me to the
end of the document where we can

30
00:02:43,780 --> 00:02:47,340
see includedir. That's for the
drop-in files in this include directory.

31
00:02:48,280 --> 00:02:53,025
Here we can see %wheel
ALL=(ALL) ALL, that is the

32
00:02:53,025 --> 00:02:57,770
default setting and I am going
to use Defaults followed by timestamp_type

33
00:03:00,870 --> 00:03:06,919
is global
and timestamp_timeout is 240.

34
00:03:13,849 --> 00:03:18,280
Let's make the timestamp. And did
you notice how Vim syntax highlighting is

35
00:03:18,280 --> 00:03:22,710
automatically highlighting it correctly now that
I have the right value in there?

36
00:03:23,250 --> 00:03:29,139
So I'm going to save these changes and from now
on I only have to enter my password every four hours.
