Is there a way to require a user to wait a certain time instead of asking for a password every time he wants to execute a command as root or access the root / or another user account?
Is there a way to require a user to wait a certain time instead of asking for a password every time he wants to execute a command as root or access the root / or another user account?
In terms of security, an alias can be easily overridden by a user who can even choose yo use another shell which will not read .bashrc.
So this solution cannot force/require the user to comply to the delay requirement.
I was thinking maybe with a PAM module the delay can be achieved but I haven’t found one that readily does that. Maybe OP needs to implement one :)
If an untrusted user is sitting at the console of a sudoer account, armed with its password, all is lost and any security has effectively been defeated already. While I do understand the concern it seems like something of a moot point.
pam_faildelay almost does it, but it only delays on auth failure. You would want something that delays on success. Might be almost as simple as “if not” on a check on pam_faildelay.