Best way to run MacPorts Install Script (Sudo keeps timing out)



I started a new job that mostly uses Ubuntu, and has an apt-get based boostrap script for bash. I've renamed the packages as appropriate from MacPorts, but some of the programs take long enough to build/install that sudo times out. Is there a way I can prompt for the password at the beginning of the script and then not ask for it again until the script is over?

My thoughts are that I can somehow set a per-terminal session variable to override the sudo timeout then restore it, but I don't know if this is the best way. Ideally a new person could run this on the first day and walk away while they tend to more administrative stuff.


Posted 2011-03-22T19:56:40.840

Reputation: 145

It might be a good idea if you edited your question to make it more general, along the lines of "How to prevent sudo timeout" with your specific issue only as an example where it's needed. This way it'll be more useful for others with a similar, not identical, issue. – Daniel Beck – 2011-03-27T15:51:49.543



Run sudo visudo in Terminal and add the following line to the Defaults "block" to get a 1 hour timeout:

Defaults timestamp_timeout=60

From man sudoers:

Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively.

Be aware that you're opening yourself to security issues. Make frequent use of sudo -k to force timeout.

Daniel Beck

Posted 2011-03-22T19:56:40.840

Reputation: 98 421

now assuming a user has already set a different timeout, how can I return it to their previous value? – KyleWpppd – 2011-03-22T20:55:47.173

@Kyle How did your user set a different timeout? This configuration file is the authority on that. If you're referring to the last sentence, it just means that with no expiration, users can expire their auth themselves using sudo -k and re-authenticate without performing a command using sudo -v. – Daniel Beck – 2011-03-22T21:10:27.433

The user would have set the timeout by the same process, but I guess that wouldn't be an issue since they would most likely be on a new machine. – KyleWpppd – 2011-03-22T21:13:23.080

@Kyle visudo edits /etc/sudoers. Just look inside the file to see if there's already a setting like that. The setting is for all users of the machine, but can be changed to apply to specific users only. – Daniel Beck – 2011-03-22T21:41:00.673


you can install the ports tree to run with your user:

Install macports as usual, then before installing chown the ports tree in /opt/local to your user. Now everything you do with ports can be done without sudo. Only ports which need root priviledge to install stuff like new users, groups or services will fail and only work with sudo.

There were plans to implement something like priviledge separation in macports, but I never followed up to find out if that got implemented.

Florenz Kley

Posted 2011-03-22T19:56:40.840

Reputation: 1 453

This seems like an ugly hack, and I wouldn't want to then lock other users out of installing to /opt/local – KyleWpppd – 2011-03-27T15:41:39.817

Kyle, why would this be an "ugly hack"? Working around sane timeouts in sudo is, in contrast, a hack. Using a "software owner" with a non-root uid is not unusual in shared Unix environments. You need some policy to govern who can install where, and this is one way to do it. – Florenz Kley – 2011-03-28T09:17:59.957

Ugly hack may be too strong. I dislike this solution because this is a one time event, to manage sudo for a one-time install script. So in my case it would be chown to a user, then have to worry about permissions problems if something goes wrong. I'd prefer a RVM-type solution honestly (installs to home folder, no sudo required) if we are going about changing ownership, etc. – KyleWpppd – 2011-03-28T12:45:25.050


Just for completion, a root shell can prevent sudo timeout as well.

sudo -H -i


Posted 2011-03-22T19:56:40.840

Reputation: 11