Feature #19851


Sudo mode: Require password re-entry for sensitive actions (optional)

Added by Jens Krämer almost 9 years ago. Updated almost 9 years ago.

Accounts / authentication
Target version:
Start date:
Due date:
% Done:


Estimated time:


This patch adds a so-called sudo mode as a safe-guard against damage done through hijacked sessions, be it remotely or through physical access to a computer with an existing open Redmine session. A similar feature has been implemented for example by GitHub.

Sudo mode will require the user to re-enter his password before any potentially dangerous action is carried out (see below for full list). Once the correct password was entered, the original action will be performed and sudo mode will stay active for at least 15 minutes. Every time another action requiring sudo permissions is invoked, this interval will be reset, so more administrative work can be done without further interruptions. This behaviour is similar to what Unix sudo does.

Full list of things guarded by the patch:

  • editing of account data (my/account) and email addresses
  • displaying the API key, reset of rss / API keys
  • editing of Project memberships
  • global settings, plugin settings
  • user, group, role, auth source management
  • project deletion

Since actions requiring this additional authentication step are declared in controllers using a simple class method, sudo mode might also easily be used by plugins to protect their own potentially destructive actions.

This feature was developed for Planio and we think it would be very nice to have that in Redmine.


20150515_sudo_mode.diff (28.3 KB) 20150515_sudo_mode.diff patch against current trunk (r14266) Jens Krämer, 2015-05-15 10:52
Actions #1

Updated by Jan Niggemann ( team member) almost 9 years ago

I like the idea, thank you for providing a patch!

Actions #2

Updated by Toshi MARUYAMA almost 9 years ago

  • Target version set to 3.1.0
Actions #3

Updated by Jean-Philippe Lang almost 9 years ago

This would be a nice addition for 3.1.0 indeed but this feature may not be wanted for all Redmine instances. I think we should let people decide whether or not this feature is enabled. The configuration file would be a good place to have this setting (obviously it should not be possible to turn it on/off from the web interface).

Actions #4

Updated by Jean-Philippe Lang almost 9 years ago

  • Tracker changed from Patch to Feature
  • Subject changed from [Feature] Require password re-entry for sensitive actions (sudo mode) to Sudo mode: Require password re-entry for sensitive actions (optional)
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

The patch and a few changes are committed.


Also available in: Atom PDF