[sudo-workers] Synchronous writing to i/o logs
Todd C. Miller
Todd.Miller at courtesan.com
Tue Mar 14 09:02:43 MDT 2017
On Tue, 14 Mar 2017 05:45:04 -0400, Tomas Sykora wrote:
> according to the documentation: "All files other than log are compressed in g
> zip format unless the compress_io option has been disabled. Due to buffering,
> the I/O log data will not be complete until the sudo command has completed."
> Would it be possible to implement an option with functionality that would ma
> ke these writes synchronous (for compliance reasons)? So if the command run b
> y sudo would be killed, logs would be complete. Probably compression would ha
> ve to be disabled in this usecase.
If the command run by sudo is killed, the I/O log should still be
complete since the I/O log buffers are flushed on close. The only
case where this would not be true is if the sudo process itself was
killed. If you find that not to be the case then that is a bug in
sudo. I'll update the documentation to make it clear that the
I/O logs will be complete if the command is killed by a signal.
There is another use case for not buffering, which is to make it
possible to watch the logs in real-time but no one has asked for
that yet :-)
- todd
More information about the sudo-workers
mailing list