Hi, Steve Langasek: > The disadvantage of the sudo method is that you are spawning a PAM session, > which is not desirable for any service. > Ah. Thanks for the reminder; mentioning the session issue completely slipped my mind. :-/ If one does need to use a sudo intermediate to start services, the 'pam_session', 'pam_setcred', and 'use_pty' flags should be turned off, as well as sudo's internal logging. This will cause sudo to not create a PAM session, and directly exec() the daemon instead of running an intermediate fork. See "man 5 sudoers" for details. -- -- Matthias Urlichs
Attachment:
signature.asc
Description: Digital signature