Bug 379

Summary: Unclear in manpage description: password prompt timeout
Product: Sudo Reporter: Timothy Weiand <tweiand>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: low    
Priority: low    
Version: 1.7.2   
Hardware: Macintosh   
OS: MacOS X   

Description Timothy Weiand 2009-12-07 14:08:09 MST 
The sudo manpage description discusses password prompt timeouts this way (last sentence):
----
sudo determines who is an authorized user by consulting the file
/private/etc/sudoers.  By running sudo with the -v option, a user can update the 
time stamp without running a command. The password prompt itself will also time out 
if the user's password is not entered within 0 minutes (unless overridden via 
sudoers).
----

During the first read of the manapage the user does not know what '0 minutes' signifies nor do they know it is the default configuration.

My attempt to clarify password prompt time outs:
----
sudo determines who is an authorized user by consulting the file
/private/etc/sudoers.  By running sudo with the -v option, a user can update the 
time stamp without running a command. The password prompt itself will also time out 
if the user's password is not entered (default is no password time out, overridden
via sudoers).
----

Reported to Apple via radar #7441598.
Comment 1 Todd C. Miller 2009-12-08 17:53:51 MST 
This is an artifact of setting the default password prompt timeout to 0 at build time (the value gets substituted in).  I'll see if I can make the substitution a bit better when password_timeout is 0.
Comment 2 Timothy Weiand 2009-12-09 14:17:33 MST 
Thanks!
Comment 3 Todd C. Miller 2010-06-10 17:22:27 MDT 
I've committed changes to the wording and some troff magic to get better wording when sudo is configured with a default password prompt timeout of 0.  The changes will be present in sudo 1.7.3.
Comment 4 Todd C. Miller 2010-06-14 16:19:12 MDT 
FYI, it is no longer necessary to build sudo with --with-password-timeout=0.  That was a workaround for a bug in the fdesc filesystem but Mac OS X has used devfs instead of fdesc for quite some time now.