Is there a way to use the password less often?

Ok, I’m sure this is a stupid question, but…

I use one of my machines just at home and I start to get annoyed by how often I have to type my password. Start Timeshift? Password! Use yay? Password! Do this, do that: Password!

I get that this makes sense if you let others use your computer/account or on a laptop where someone may get access to. But in my case, using the machine just at home, it doesn’t make sense.

So I wonder, is there any way to use the password less often on a regular user account?

Yeah you can make a file 20-something in /etc/sudoers.d and add the following:

Defaults	insults
Defaults	timestamp_timeout=20
Defaults	timestamp_type=global
Defaults	passwd_timeout=0

The insults are just insults but he other lines you will find handy. You can adjust the timeout to your liking these are just my configs, see https://wiki.archlinux.org/title/Sudo for more info.

You should also add: alias sudo='sudo -v; sudo '
to your .bashrc or .zshrc again see the link…

EDIT:
Make sure you have this in your /etc/sudoers file:

## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

this line indicates that files within the /etc/sudoers.d directory will be sourced and applied as well. Use sudo visudo to edit /etc/sudoers as explained in the arch wiki!! Also use sudo visudo to make or edit the config file in /etc/sudoers.d

1 Like

I just checked your link. Looks like adding Defaults:USER_NAME !authenticate to /etc/sudoers gives the user permanent sudo rights without asking for the password.
Is it really that simple?

This is GNU/Linux so you are the benevolent ruler of your own system.

1 Like

Well, thanks, I guess that’s the solution then!

1 Like

Ok, I just edited the file and it indeed works for yay and pacman, but it doesn’t work for Timeshift. It still says “Authentication Required - PolicyKit1 KDE Agent”.

That is because timeshift isn’t using sudo.

Yeah, I just figured that out. It’s something different.

https://wiki.archlinux.org/title/Polkit

But why? Why do we need different apps(?)/services to do the same thing?

Probably for the same reason there is more than one Linux distribution or more than one video player or…

So how many of those things are there? How many files do I have to edit to get rid of the password?

And tbh it feels more like a video recorder with multiple play buttons. You want to watch Rambo? Use this button! But if you want to watch Pulp Fiction you have to use the other one 'cause the first one won’t work :wink:

edit Oh, you wrote video player. Was already wondering why you mention a VCR. Most ppl don’t even know those anymore these days :smile:

For most people, sudo, su and polkit.

How often do you start Timeshift a day? If you are restoring snapshots so often that typing the password annoys you, you’re doing something wrong.

With yay I get it, but still, you don’t have to update 10 times a day :sweat_smile:

I type my password maybe 2-3 times a day, hardly an annoyance.

1 Like

Some people obsessively check for updates… (me waiting for a working version of virtualbox 7)

For that purpose, I’d recommend the checkupdates command, from pacman-contribs, which doesn’t require sudo.

2 Likes

And while it’s your machine and you administrate it, it’s still the case that’s it’s a multiuser somewhat secure operating system, so there will always be some security if you want to use Linux, I would think, just because of that fact.

Exactly. You shouldn’t be using pacman (or yay) to check for updates, because that refreshes the local package database. So if you install anything before you update, you can get into a partial update situation.

In other words, running sudo pacman -Syu and then answering n when the database is refreshed is the same as running sudo pacman -Sy without -u, and that is not recommended.

checkupdate script from pacman-contrib runs pacman -Sy in a fakeroot environment, so it doesn’t actually refresh your local package database. It’s a safe way to check for updates.

3 Likes

Not that often. It’s just that the popup annoys me 'cause in my case it’s just useless and I don’t like doing useless things. Besides that my password is rather long.

If someone is using Linux quite often and doesn’t have a very long or complicated password you may be able to figure the password out by just looking at the keyboard :wink:

It is not useless. It serves as a reminder to inexperienced users, that you may destroy your system, if you are not careful.
Unless you know the risks well… :person_shrugging:

1 Like

I don’t really feel like starting a debate but I will just point out that entering your password isn’t useless from a security perspective.

The fact that you don’t share your computer with others is fairly irrelevant. Allowing root access without a password means that any non-root exploit becomes a root exploit.

4 Likes

But there’s also the other side. If you have to type your password over and over again you don’t really think about it anymore. It’s just routine and routine is a enemy of security.

I’m aware of this but it doesn’t really matter for this machine. Nothing sensitive or important on it.