[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: init system policy



 ❦ 19 novembre 2014 08:45 +0100, Matthias Urlichs <matthias@urlichs.de> :

>> The disadvantage of the sudo method is that you are spawning a PAM session,
>> which is not desirable for any service.
>> 
> Ah. Thanks for the reminder; mentioning the session issue completely
> slipped my mind. :-/
>
> If one does need to use a sudo intermediate to start services, the
> 'pam_session', 'pam_setcred', and 'use_pty' flags should be turned off,
> as well as sudo's internal logging.
>
> This will cause sudo to not create a PAM session, and directly exec() the
> daemon instead of running an intermediate fork.

There is chpst for this kind of task. Unfortunately, being part of
runit, it may not be suitable for a dependency.
-- 
 /* Thanks to Rob `CmdrTaco' Malda for not influencing this code in any
  * way.
  */
        2.4.3 linux/net/core/netfilter.c

Attachment: signature.asc
Description: PGP signature


Reply to: