[sudo-users] Avoid logs for a process
Todd C. Miller
Todd.Miller at sudo.ws
Thu Feb 22 18:11:27 MST 2018
On Wed, 21 Feb 2018 21:45:28 +0100, Daniele Palumbo wrote:
> I have a custom application that run with nohup.
> I am using sudo-io.
> I am running like (example command)
> Sudo nohup tcpdump -i any </dev/null >/dev/null 2>&1 &
> This generate the logs of stdout.
> How can I avoid it?
You can disable logging on a per-command basis. If using file-based
sudoers you would use the NOLOG_OUTPUT tag. For example:
someuser somehost NOLOG_OUTPUT: /usr/bin/nohup tcpdump -i any
For LDAP-based sudoers you can use add:
to the sudoRole that grants the command.
But it may just be easier to use write a simple script that does
the nohup and any redirection and run the script via sudo instead
of running nohup through sudo directly. That way there will not
be any output to log.
More information about the sudo-users