[sudo-users] disabling sudo fork-ing

Ciprian Dorin, Craciun ciprian.craciun at gmail.com
Fri Aug 20 11:23:16 EDT 2010

On Fri, Aug 20, 2010 at 18:04, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
> In message <AANLkTi=t7Vd8MjdSwXaEWuhKGnVVwrVON9f8DBm+iENu at mail.gmail.com>
>        so spake "Ciprian Dorin, Craciun" (ciprian.craciun):
>>     Couldn't there also be a command line argument that forces this
>> disabling? (Because I doubt that the upstream ArchLinux maintainer
>> would accept the `--disable-pam-session` in the official builds...)
> Not without breaking the PAM session support.  Something needs to
> wait around to close the session after the command exits.  In the
> past sudo would open the session and immediately close it but this
> caused problems for some PAM modules.
> I'd much rather get to the bottom of whatever the actual signal
> issue is with running daemons via sudo using runit or daemontools.

    For my current usage `sudo` relays all the needed signals. (But if
you check the man page you'll see that `runit` specifies some "control
modes" that trigger other kinds of signals (ALRM, QUIT, USR1, USR2,
STOP and CONT (of which STOP can't be caught by a process just like

    For `daemontools` (which was the inspiration for `runit` and which
is more widely deployed) it's almost the same (STOP, CONT, QUIT).

    I also suppose that `sudo` is used in a lot of scripts which
aren't intended directly for users (e.g. control scripts). Thus this
change (of forking and waiting) might have other hidden impacts.

>  - todd


More information about the sudo-users mailing list