Bugzilla – Bug 379
Unclear in manpage description: password prompt timeout
Last modified: 2010-06-14 16:19:12 MDT
The sudo manpage description discusses password prompt timeouts this way (last sentence): ---- sudo determines who is an authorized user by consulting the file /private/etc/sudoers. By running sudo with the -v option, a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered within 0 minutes (unless overridden via sudoers). ---- During the first read of the manapage the user does not know what '0 minutes' signifies nor do they know it is the default configuration. My attempt to clarify password prompt time outs: ---- sudo determines who is an authorized user by consulting the file /private/etc/sudoers. By running sudo with the -v option, a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered (default is no password time out, overridden via sudoers). ---- Reported to Apple via radar #7441598.
This is an artifact of setting the default password prompt timeout to 0 at build time (the value gets substituted in). I'll see if I can make the substitution a bit better when password_timeout is 0.
Thanks!
I've committed changes to the wording and some troff magic to get better wording when sudo is configured with a default password prompt timeout of 0. The changes will be present in sudo 1.7.3.
FYI, it is no longer necessary to build sudo with --with-password-timeout=0. That was a workaround for a bug in the fdesc filesystem but Mac OS X has used devfs instead of fdesc for quite some time now.