Re: Re: init system policy
Matthias Urlichs wrote:
> Hi,
>
> Steve Langasek:
> > The disadvantage of the sudo method is that you are spawning a PAM
> > session, which is not desirable for any service.
> >
> Ah. Thanks for the reminder; mentioning the session issue completely
> slipped my mind. :-/
>
> If one does need to use a sudo intermediate to start services, the
> 'pam_session', 'pam_setcred', and 'use_pty' flags should be turned
> off, as well as sudo's internal logging.
>
> This will cause sudo to not create a PAM session, and directly exec()
> the daemon instead of running an intermediate fork.
>
> See "man 5 sudoers" for details.
You probably want to use "runuser" that has been introduced recently in
utils-linux
Cheers,
Laurent Bigonville
Reply to: