[sudo-users] Avoid logs for a process

Todd C. Miller Todd.Miller at sudo.ws
Thu Feb 22 18:11:27 MST 2018

On Wed, 21 Feb 2018 21:45:28 +0100, Daniele Palumbo wrote:

> I have a custom application that run with nohup.
> I am using sudo-io.
> I am running like (example command)
> Sudo nohup tcpdump -i any </dev/null >/dev/null 2>&1 &
> This generate the logs of stdout.
> How can I avoid it?

You can disable logging on a per-command basis.  If using file-based
sudoers you would use the NOLOG_OUTPUT tag.  For example:

someuser somehost NOLOG_OUTPUT: /usr/bin/nohup tcpdump -i any

For LDAP-based sudoers you can use add:

sudoOption !log_output

to the sudoRole that grants the command.

But it may just be easier to use write a simple script that does
the nohup and any redirection and run the script via sudo instead
of running nohup through sudo directly.  That way there will not
be any output to log.

 - todd

More information about the sudo-users mailing list