[sudo-users] disabling sudo fork-ing
Ciprian Dorin, Craciun
ciprian.craciun at gmail.com
Fri Aug 20 09:07:34 EDT 2010
On Fri, Aug 20, 2010 at 16:00, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
> Sudo will fork a child for systems that use PAM or SELinux or when
> I/O logging is enabled.
On my current system (ArchLinux) I'm using the default package
which is configured as:
~~~~
./configure --prefix=/usr --with-pam --libexecdir=/usr/lib \
--with-env-editor --with-all-insults --with-logfac=auth \
--disable-pam-session
# the `--disable-pam-session` was added by me in the hope it will
do the trick...
~~~~
So PAM is enabled, but the PAM session is not and from the
changelog I've understood that this behaviour (forking and waiting) is
enabled only when using a PAM session.
About the SELinux and logging I would guess no. (How do I disable logging?)
> Currently, SIGINT, SIGTERM, SIGHUP, and
> SIGQUIT are relayed to the child. Adding to that list is not a
> problem; what signals are `runit` and `daemontools` sending?
Strange... I think there is a problem on my part with the
signals... Indeed it seems to relay the SIGTERM signals. (`runit` uses
only the signals you've described.)
But anyway, it would be nice not to have the `sudo` process just
lying around and doing nothing...
> - todd
Thanks,
Ciprian.
More information about the sudo-users
mailing list