7

My problem is the following: I want to edit a file that is only readable by root. That's why I use

sudo vim ~/thefile

I could type

sudo -K

after exiting vim, but I was hoping that there's an option or something that makes sudo forget the password automatically. Of course I thought about editing the sudoers file and setting the timeout to 0, but I don't want to change the settings in general. I also found nothing in the manpage...

Is there a way to do this?

If interesting: I'm using Ubuntu 12.04 and bash.

caligula
  • 363

3 Answers3

6

There isn't an option to sudo that will do exactly what you want, but you can make a shell function that will create a new command sudok, which will run the sudo command and then have sudo remove its cached credentials.

function sudok () { sudo "$@"; sudo -K; }

Add that line to your ~/.bashrc or ~/.bash_profile to make it permanent.

Mark Plotnick
  • 25,413
  • 3
  • 64
  • 82
6

I'm pretty sure you just want sudo's little-k option, 

sudo -k vim ~/thefile

which is documented to completely ignore your cachefile:

When used in conjunction with a command or an option that may require a password, this option will cause sudo to ignore the user's cached credentials. As a result, sudo will prompt for a password (if one is required by the security policy) and will not update the user's cached credentials.

jthill
  • 2,710
  • I tried to make this clear two times already: I don't want the shell to forget the credentials that are already there! I want the shell to forget the credentials (that I might have to type or that I might not need to type because they're already there) AFTER the actions in vim!! The answer of Mark_Plotnick does what I searched for... – caligula Feb 26 '15 at 12:39
2

See man sudoers; a timestamp_timeout setting is described there. Set it to 0 to make sudo always prompt for a password.

Cristian Ciupitu
  • 2,510
9000
  • 1,639
  • 2
    That's what I meant by "I don't want to change the settings in general". I'd like to keep the timeout as it is! – caligula Feb 25 '15 at 15:58
  • Do you mean that you'd only want to change the setting for yourself? Or only for one particular command? I suppose there's sudoedit -k just for that; make a convenient alias. I suspect that you can even make calling sudo vim by a particular user to use timestamp_timeout = 0, but I did not try that and cannot guarantee it would work. – 9000 Feb 25 '15 at 16:49
  • I'm sorry for the bad english here, I'll try to make it clear: I want the shell to not remember my password after I exit vim. And I don't want to change user based settings like the timeout because I like the way everything works. So as you said, I'd like to change the settings for one command only... – caligula Feb 25 '15 at 17:06