10

By default, sudo prompts me to input my user password a maximum of three times if I input wrong password. How can I change it to unlimited times(?)? How can I make it so that it asks me for my password until I enter the right one?

terdon
  • 100,812
αғsнιη
  • 35,660

1 Answers1

17

This is documented in man sudoers. The setting you are looking for is:

 passwd_tries      The number of tries a user gets to enter his/her pass‐
                   word before sudo logs the failure and exits.  The
                   default is 3.

So, to change that to, for example, 5, run sudo visudo and add these lines:

## Allow a user to attempt to enter a password 5 times
Defaults        passwd_tries=5

As far as I know, there is no way to set it to unlimited times but you can simply use a huge number:

Defaults        passwd_tries=99999999

That is unlimited for all intents and purposes, unless you have a user with a very severe case of OCD, they won't attempt to enter a password more than 100 million times.

terdon
  • 100,812
  • Now how can I change it to Unlimited times? (without large nubmer for passwd_tries ) – αғsнιη Oct 11 '14 at 16:18
  • 3
    @KasiyA set it to 99999999999 and live with it :) – terdon Oct 11 '14 at 16:18
  • oops I changed it to passwd_tries= and now I can not open again sudo visudo even I can not run any commands with sudo or gksu and gksudo ;( – αғsнιη Oct 11 '14 at 16:21
  • @KasiyA umm, then you're in trouble. You need to either reboot into rescue mode and remove the line from the file or boot into a live session, mount your local drive and edit it there. This is why you should never play with these things unless you know what you're doing and have an open root session that will allow you to fix what you break. – terdon Oct 11 '14 at 16:27
  • 1
    The first instructions here detail how to get into recovery mode: http://askubuntu.com/questions/24006/how-do-i-reset-a-lost-administrative-password – Seth Oct 11 '14 at 16:29
  • Also This is exactly what I facing @Seth – αғsнιη Oct 11 '14 at 16:33
  • Ooh, I forgot all about that. Could be easier. – Seth Oct 11 '14 at 16:35
  • @Seth Yes I just used pkexec visudo and saved it again thanks it fixed. – αғsнιη Oct 11 '14 at 16:36
  • 3
    @KasiyA never, ever, ever edit /etc/sudoers directly. That's why I told you to use visudo. That would have protected you from this problem. – terdon Oct 11 '14 at 16:49
  • 2
    For the future: while using visudo should prevent the creation of a bad sudoers file, if you do create one that is bad or (more likely, with visudo) valid but nonfunctional, the method detailed here with pkexec is usually sufficient to solve it, without even rebooting. – Eliah Kagan Oct 24 '14 at 07:48
  • @terdon Recommend not going over 2 billion in case it's stored in a signed 32-bit integer. To what number your input would map depends on the implementation. Likely candidate is 1215752191. Don't set it to 2^31-1 as this can cause trouble depending how the comparison with passwd_tries is implemented. At least go down to 2^31-2. – Joachim Wagner Nov 24 '20 at 12:10