❦ 19 novembre 2014 08:45 +0100, Matthias Urlichs <matthias@urlichs.de> : >> The disadvantage of the sudo method is that you are spawning a PAM session, >> which is not desirable for any service. >> > Ah. Thanks for the reminder; mentioning the session issue completely > slipped my mind. :-/ > > If one does need to use a sudo intermediate to start services, the > 'pam_session', 'pam_setcred', and 'use_pty' flags should be turned off, > as well as sudo's internal logging. > > This will cause sudo to not create a PAM session, and directly exec() the > daemon instead of running an intermediate fork. There is chpst for this kind of task. Unfortunately, being part of runit, it may not be suitable for a dependency. -- /* Thanks to Rob `CmdrTaco' Malda for not influencing this code in any * way. */ 2.4.3 linux/net/core/netfilter.c
Attachment:
signature.asc
Description: PGP signature