[sudo-users] disabling sudo fork-ing

Ciprian Dorin, Craciun ciprian.craciun at gmail.com
Fri Aug 20 09:07:34 EDT 2010

On Fri, Aug 20, 2010 at 16:00, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
> Sudo will fork a child for systems that use PAM or SELinux or when
> I/O logging is enabled.

    On my current system (ArchLinux) I'm using the default package
which is configured as:

   ./configure --prefix=/usr --with-pam --libexecdir=/usr/lib \
     --with-env-editor --with-all-insults --with-logfac=auth \
    # the `--disable-pam-session` was added by me in the hope it will
do the trick...

    So PAM is enabled, but the PAM session is not and from the
changelog I've understood that this behaviour (forking and waiting) is
enabled only when using a PAM session.

    About the SELinux and logging I would guess no. (How do I disable logging?)

> Currently, SIGINT, SIGTERM, SIGHUP, and
> SIGQUIT are relayed to the child.  Adding to that list is not a
> problem; what signals are `runit` and `daemontools` sending?

    Strange... I think there is a problem on my part with the
signals... Indeed it seems to relay the SIGTERM signals. (`runit` uses
only the signals you've described.)

    But anyway, it would be nice not to have the `sudo` process just
lying around and doing nothing...

>  - todd


More information about the sudo-users mailing list