Is there a way to require a user to wait a certain time instead of asking for a password every time he wants to execute a command as root or access the root / or another user account?

  • Arthur Besse@lemmy.mlM
    21 hours ago

    sure. first, configure sudo to be passwordless, or perhaps just to stay unlocked for longer (it’s easy to find instructions for how to do that).

    then, put this in your ~/.bashrc:

    alias sudo='echo -n "are you sure? "; for i in $(seq 5); do echo -n "$((6 - $i)) "; sleep 1; done && echo && /usr/bin/sudo '

    Now “sudo” will give you a 5 second countdown (during which you can hit ctrl-c if you change your mind) before running whatever command you ask it to.

    • Flyswat@lemmy.ml
      18 hours ago

      In terms of security, an alias can be easily overridden by a user who can even choose to use another shell which will not read .bashrc.

      So this solution cannot force/require the user to comply with the delay requirement.

      I was thinking maybe with a PAM module the delay can be achieved but I haven’t found one that readily does that. Maybe OP needs to implement one :)

      • Hawke@lemmy.world
        10 hours ago

        pam_faildelay almost does it, but it only delays on auth failure. You would want something that delays on success. Might be almost as simple as “if not” on a check on pam_faildelay.
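
Added example, not part of any comment in this thread: one way to get a delay that a user cannot skip by changing shells is to run it from the root-owned PAM stack through pam_exec instead of from ~/.bashrc. The install path, the 60-second cap and the /etc/pam.d/sudo line shown in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper for pam_exec(8); not code from the thread.
# Assumed install path (hypothetical): /usr/local/sbin/sudo-delay, owned by
# root, mode 0755, so unprivileged users cannot edit or skip it.
# Assumed /etc/pam.d/sudo line, placed before the existing auth lines:
#   auth sufficient pam_exec.so quiet /usr/local/sbin/sudo-delay 5
# Exit 0 = PAM success (no password asked); non-zero = fall through to the
# remaining auth modules, i.e. the normal password prompt.

MAX_DELAY=60   # constructed upper bound to catch config typos

# Succeeds only for a whole number of seconds in 1..MAX_DELAY.
valid_delay() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le "$MAX_DELAY" ]
}

# Succeeds only when pam_exec called us for sudo's auth stack.
applies_to() {   # $1 = PAM_SERVICE, $2 = PAM_TYPE
    [ "$1" = "sudo" ] && [ "$2" = "auth" ]
}

# Decide and act; the sleep command is injectable so the logic can be tested.
run_delay() {    # $1 = delay in seconds, $2 = sleep command (default: sleep)
    applies_to "${PAM_SERVICE:-}" "${PAM_TYPE:-}" || return 1
    valid_delay "$1" || return 1
    "${2:-sleep}" "$1"
}

# pam_exec always sets PAM_TYPE; without it (e.g. when sourced) do nothing.
if [ -n "${PAM_TYPE:-}" ]; then
    run_delay "${1:-}"
    exit $?
fi
```

Any bad argument or unexpected service makes the helper fail, so sudo falls back to its normal password prompt rather than granting access. sudo does not run the auth stack for NOPASSWD rules or while its credential cache is still valid, so the delay only replaces prompts that sudo would otherwise have shown.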