[sudo-workers] sudo problem with trusted mode of HP-UX
guru raja
grandhi_gururaj at yahoo.com
Thu Sep 7 11:07:31 EDT 2006
Hi Todd,
Thanks for the reply. Sudo can still call the pam_close_session() in the pam_cleanup() function. There are cases where user can execute any shell (sh/ksh) using sudo. The sudo will exec the shell which would be a persistent process. In this case, pam_close_session() should be called before exiting the process. Please let me know whether it is the right way to do or not?
Thanks & Regards,
Guru.
"Todd C. Miller" <Todd.Miller at courtesan.com> wrote:
The reason sudo does not use pam_open_session() is that there is
no persistent process to call pam_close_session() after the command
is finished. Doing one without the other may have some negative
consequences depending on what session setup is done by
pam_open_session() on the particular system.
- todd
---------------------------------
All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.
More information about the sudo-workers
mailing list