Re: Re: init system policy

To: debian-devel@lists.debian.org
Subject: Re: Re: init system policy
From: Laurent Bigonville <bigon@debian.org>
Date: Wed, 19 Nov 2014 11:24:07 +0100
Message-id: <[🔎] 20141119112407.70d93709@soldur.bigon.be>
In-reply-to: <[🔎] 20141119074510.GA15790@smurf.noris.de>

Matthias Urlichs wrote:
> Hi,
> 
> Steve Langasek:
> > The disadvantage of the sudo method is that you are spawning a PAM
> > session, which is not desirable for any service.
> > 
> Ah. Thanks for the reminder; mentioning the session issue completely
> slipped my mind. :-/
> 
> If one does need to use a sudo intermediate to start services, the
> 'pam_session', 'pam_setcred', and 'use_pty' flags should be turned
> off, as well as sudo's internal logging.
> 
> This will cause sudo to not create a PAM session, and directly exec()
> the daemon instead of running an intermediate fork.
> 
> See "man 5 sudoers" for details.

You probably want to use "runuser" that has been introduced recently in
utils-linux

Cheers,

Laurent Bigonville

Reply to:

Follow-Ups:
- Re: Re: init system policy
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- Re: init system policy
  - From: Matthias Urlichs <matthias@urlichs.de>

Prev by Date: Bug#769907: general: non-sysvinit init systems are made of fail
Next by Date: Re: Re: init system policy
Previous by thread: Re: Re: init system policy
Next by thread: Re: Re: init system policy
Index(es):
- Date
- Thread