How to Force Sudo to Ask for Password Every Time in Ubuntu

By default, Ubuntu caches your sudo credentials for a short period, allowing you to run multiple administrative commands without re-entering your password. However, for enhanced security on shared systems or sensitive environments, you may want to disable this caching feature. This guide explains how to configure the sudoers file to force a password prompt for every single sudo command executed on your Ubuntu system.

Edit the Sudoers File

To change sudo behavior, you must edit the configuration file safely using the visudo command. This tool prevents syntax errors that could lock you out of administrative access. Open your terminal and run the following command:

sudo visudo

Configure Password Timeout

Once the file opens in your default text editor, locate the line that begins with Defaults env_reset. Below this line, add the following configuration setting:

Defaults timestamp_timeout=0

Setting the timestamp_timeout to 0 ensures that the credential cache expires immediately after each command is executed. This forces the system to request authentication for every subsequent sudo operation.

Save and Exit

After adding the line, save the changes and exit the editor. If you are using the default nano editor, press Ctrl + O, then Enter to save, and Ctrl + X to exit. If you are using vim, type :wq and press Enter.

Verify the Configuration

To confirm the setting is active, run a sudo command such as sudo ls. Enter your password when prompted. Immediately run another sudo command, such as sudo whoami. The system will ask for your password again instead of accepting the previous authentication.