[sudo-users] Owner sudo process
Todd C. Miller
Todd.Miller at courtesan.com
Tue Sep 3 06:07:00 MDT 2013
To properly support PAM sessions sudo needs to keep a privileged
process around to close the session. Older versions of sudo did
not do this which causes problems with some PAM session modules.
The actual command is still run as the target user. Most versions
of su behave similarly.
Sudo 1.8.8 (out in about a week) will allow you to disable PAM
session and setcred support in sudoers, in which case sudo will
exec the command directly without the extra process.
More information about the sudo-users