❦ 19 novembre 2014 08:45 +0100, Matthias Urlichs <matthias@urlichs.de> :
>> The disadvantage of the sudo method is that you are spawning a PAM session,
>> which is not desirable for any service.
>>
> Ah. Thanks for the reminder; mentioning the session issue completely
> slipped my mind. :-/
>
> If one does need to use a sudo intermediate to start services, the
> 'pam_session', 'pam_setcred', and 'use_pty' flags should be turned off,
> as well as sudo's internal logging.
>
> This will cause sudo to not create a PAM session, and directly exec() the
> daemon instead of running an intermediate fork.
There is chpst for this kind of task. Unfortunately, being part of
runit, it may not be suitable for a dependency.
--
/* Thanks to Rob `CmdrTaco' Malda for not influencing this code in any
* way.
*/
2.4.3 linux/net/core/netfilter.c
Attachment:
signature.asc
Description: PGP signature