[sudo-workers] sudo problem with trusted mode of HP-UX

guru raja grandhi_gururaj at yahoo.com
Thu Sep 7 11:07:31 EDT 2006

Hi Todd,
     Thanks for the reply. Sudo can still call the pam_close_session() in the pam_cleanup() function.  There are cases where user can execute  any shell (sh/ksh)  using sudo. The sudo will exec the  shell which would be a persistent process. In this case, pam_close_session()  should be called before exiting the process. Please let me know whether it is the right way to do or not?
  Thanks &  Regards,

"Todd C. Miller" <Todd.Miller at courtesan.com> wrote:
  The reason sudo does not use pam_open_session() is that there is
no persistent process to call pam_close_session() after the command
is finished. Doing one without the other may have some negative
consequences depending on what session setup is done by
pam_open_session() on the particular system.

- todd

 All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.

More information about the sudo-workers mailing list