sudo keeps asking me for my password in fish shell

19

5

sudo in Ubuntu keeps asking me for my password for every command. Previously, I only had to enter the password once, and then it would be remembered for a period of time. This recently changed, probably after "upgrading" to Natty.

I've done sudo visudo and set Defaults env_reset, timestamp_timeout = 60, tried rebooting, but it's still not working. How do I fix this?

After suggestions below, my /etc/sudoers looks like this:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults:endolith timestamp_timeout=60

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d

Update:

I upgraded my VirtualBox and it started to suffer from the same problem. At a guess, I ran bash, and tried to sudo in that, and the password is remembered correctly. It's only when I use my default shell fish that it doesn't remember. It did in the previous Ubuntu release, but no longer.

Update:

I upgraded to 13.05 and this magically started working again. Now it asks for my password once, stops asking for a while, and then asks again after a period of time.

endolith

Posted 2011-06-15T14:17:09.747

Reputation: 6 626

3 @warren: That's not a duplicate. I should be required to enter the password, but after I have entered it once, I don't have to for a given amount of time. I have changed this amount of time with visudo in the past but it's not working anymore. – endolith – 2011-07-21T21:16:03.687

I think that you have to use multiple Defaults statements, rather than one comma-separated one. – Stephanie – 2011-07-22T04:25:05.490

@Stephanie, I am certain that having a single Defaults statement with comma separated values works fine. – Zoredache – 2011-07-22T06:16:38.693

I see you have added a line like Defaults:endolith timestamp_timeout=60, but you are not in any group called endolith, according to another comment here. So what username are you using? Check with whoami, and add that username in place of endolith in Defaults:endolith timestamp_timeout=60 or endolith ALL=(ALL) NOPASSWD: ALL – wim – 2011-07-25T12:07:37.423

@wim: yes, I'm in the right group, which I wrote as "username" – endolith – 2011-07-25T12:59:38.697

Group "username" is not mentioned in the file. Try adding endolith ALL=(ALL) ALL right under root ALL=(ALL:ALL) ALL – frabjous – 2011-08-08T04:53:20.550

Answers

15

@endolith: Yes, it only seems to affect fish. I had the same problem; the issue is caused by the sudo option "tty_tickets". Disabling this in your /etc/sudoers file will solve the problem.

The following will disable tty_tickets:

Defaults        env_reset,!tty_tickets

Kadu

Posted 2011-06-15T14:17:09.747

Reputation: 336

Does this have any negative ramifications? – endolith – 2011-08-10T05:58:13.283

1 "Be careful if you offer SSH access to remote users, as you could unintentionally allow them to share elevated privileges with you if you disable tty_tickets." from http://ask.debian.net/questions/how-to-have-sudo-powers-shared-between-different-bash-sessions – endolith – 2011-08-11T14:13:36.000

I offer SSH access to a remote user, but it is only to myself, so I assume this does not cause any vulnerability? – endolith – 2011-08-14T22:55:36.510
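An added example, not part of the answer or comments above: a small audit that lists the sudoers settings discussed in this thread (`!tty_tickets`, `timestamp_timeout`) together with the scope they apply to, and reports include directives so drop-in files get checked too. The function names `sample_sudoers` and `audit_sudo_caching` are hypothetical, and the sample input is constructed from lines quoted on this page.

```shell
#!/bin/sh
# Added example (not from the thread): list sudoers settings that change
# how long, and across which terminals, a sudo authentication is reused.

# Constructed sample: lines taken from the question and the answer above.
sample_sudoers() {
    cat <<'EOF'
# See the man page for details on how to write a sudoers file.
Defaults        env_reset,!tty_tickets
Defaults:endolith timestamp_timeout=60
# Defaults !tty_tickets
%sudo   ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
EOF
}

# Hypothetical helper: reads sudoers text on stdin, prints "<scope> <setting>".
audit_sudo_caching() {
    awk '
    # "#include" and "#includedir" are directives, not comments: report them
    # so the files they pull in get checked as well.
    /^[ \t]*#include(dir)?[ \t]/ { print "include", $2; next }
    # Any other line starting with "#" is a comment.
    /^[ \t]*#/ { next }
    $1 ~ /^Defaults/ {
        # "Defaults" alone is global; Defaults:user, Defaults@host,
        # Defaults>runas and Defaults!cmnd narrow the scope.
        scope = "global"
        if ($1 ~ /^Defaults[@:>!]/) scope = substr($1, 9)
        # Drop the first word, then split the comma-separated settings.
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)
        n = split(rest, opts, ",")
        for (i = 1; i <= n; i++) {
            o = opts[i]
            gsub(/[ \t]/, "", o)
            if (o == "!tty_tickets" || o ~ /^timestamp_timeout=/)
                print scope, o
        }
    }'
}

sample_sudoers | audit_sudo_caching
```

A `global !tty_tickets` finding applies to every account on the machine; written as `Defaults:endolith !tty_tickets`, in the same per-user form the question already uses for timestamp_timeout, the shared ticket is limited to that one user.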

5

If nothing else works, try sudo -i (by itself). That'll give you a root shell after one password.

Broam

Posted 2011-06-15T14:17:09.747

Reputation: 3 831

6 great point but slightly riskier than the request. – mbb – 2011-06-15T15:32:04.200

Considering this is the "Ubuntu way" for getting a rootshell, I figured it was a neat work around the problem. Every command is still logged. – Broam – 2011-06-22T16:18:41.590

1 It doesn't really fix the problem though, it is basically just a way to ignore it. – Zoredache – 2011-07-24T09:31:32.330

This is a workaround rather than a solution, but it's good and I don't mind if it automatically gives you half the bounty. :) – endolith – 2011-07-26T15:38:26.547

1

I only had to enter the password once, and then it would be remembered for a period of time.

If I were to guess, I would bet that something about your /var/run/sudo directory is screwed up. This directory is where the timestamp files are stored. Maybe /var/run is full, maybe the permissions got screwed up. Anyway, look at that directory, I suspect your problem may be there.

The permissions on my folder look like this.

# find /var/run/sudo/ -ls
1164242    4 drwx------   6 root     root         4096 Jan  1  1985 /var/run/sudo/
1179694    4 drwx------   2 root     www-data     4096 Jan  1  1985 /var/run/sudo/www-data
1164286    4 drwx------   2 root     myuser      4096 Jul 21 23:03 /var/run/sudo/myuser
1163399    0 -rw-------   1 root     myuser         0 Jul 13 22:42 /var/run/sudo/myuser/0
1163453    0 -rw-------   1 root     myuser         0 Jul 21 22:59 /var/run/sudo/myuser/2
1164309    0 -rw-------   1 root     myuser         0 Jul 21 23:03 /var/run/sudo/myuser/6
1163303    0 -rw-------   1 root     myuser         0 Jul 13 22:31 /var/run/sudo/myuser/5

For good measure you might also want to try running sudo -K to kill your current timestamp files.

Zoredache

Posted 2011-06-15T14:17:09.747

Reputation: 18 453

find: '/var/run/sudo': No such file or directory – endolith – 2011-07-25T00:45:35.103

Well that is a bad sign, why not try creating it, and set the ownership/permissions like above. – Zoredache – 2011-07-25T01:52:53.730

Or you could just reinstall the package. – Zoredache – 2011-07-25T02:04:56.923

reinstalled sudo with synaptic and it still says that – endolith – 2011-07-25T05:40:01.020

I get the same thing on a VirtualBox running Ubuntu 10.10. There is no sudo folder in /var/run. In this virtual machine, it remembers my password as expected, so this doesn't seem relevant. The only thing in visudo on this virtual machine is Defaults env_reset. It also says %sudo ALL=(ALL) ALL instead of %sudo ALL=(ALL:ALL) ALL. – endolith – 2011-07-26T15:42:50.087

0

I would check the /etc/sudoers.d/ directory.

You can also try to downgrade the sudo package to the previous version.

Michał Šrajer

Posted 2011-06-15T14:17:09.747

Reputation: 2 495