[sudo-users] sudo spawns the process but does not exit

Todd C. Miller Todd.Miller at courtesan.com
Tue Jul 10 12:53:23 EDT 2012

On Mon, 09 Jul 2012 10:05:43 CDT, Alexander Moibenko wrote:

> So, its changed since 1.7.2p1.
> May I ask what was the reason?

Before the change sudo did not close the pam session properly, the
close function was called before the process exited.  If you run a
command using "su -c command" you will see that the su process also
remains until the command is finished for the same reason.

In addition, when I/O logging is enabled, the parent sudo process
must remain running in order to log the input/output.

For sudo 1.8.x there are several more reasons:

1) The plugin API specifies that the command's exit status is
   sent to the security policy plugin, which requires that sudo
   remain running until the command exits.

2) When running a command in a pty (either explicitly via the
   use_pty sudoers option or because I/O logging is enabled), sudo
   needs to remove the utmp entry for the pty the command is running

> My argument for keeping it as it was:
> if you want the process to run as daemon (and my is), you do not want  
> to keep running the parent process.

If the process acts as a true daemon and forks itself into the
background it should exit almost immediately.

If you want to restore the old behavior in sudo 1.7.x you can run
configure with the --disable-pam-session which will prevent sudo
from waiting for the command to finish as a side effect.  However,
that will not have the same effect in sudo 1.8.x.

The extra sudo process should consume negligable resources as it
will sleep until the process finish or is sent a signal.

 - todd

More information about the sudo-users mailing list