SIGHUP.
POSIX terms an "orphaned process group" and it would not receive any job
control signals from the kernel. When the command exits or is terminated
by a signal, the _\bm_\bo_\bn_\bi_\bt_\bo_\br passes the command's exit status to the main
- s\bsu\bud\bdo\bo process and exits. On most systems, processes created by the
- command that are still running in the background when the command exits
- and that have not changed their session will receive the SIGHUP signal
- when the monitor exits, since it is the terminal session leader. To
- prevent this from happening, background processes started by the command
- can be invoked via the nohup(1) command to ignore SIGHUP. Alternately,
- some systems provide a setsid(1) command which can be used to run the
- command in a new session. In both cases, there is a potential race
- condition where the command being run via s\bsu\bud\bdo\bo could exit before nohup(1)
- or setsid(1) have time to complete their setup.
+ s\bsu\bud\bdo\bo process and exits. After receiving the command's exit status, the
+ main s\bsu\bud\bdo\bo passes the command's exit status to the security policy's close
+ function and exits.
If no pty is used, s\bsu\bud\bdo\bo calls fork(2), sets up the execution environment
as described above, and uses the execve(2) system call to run the command
- in the child process.
-
- In both cases, the main s\bsu\bud\bdo\bo process waits until the command (or monitor)
- has completed, then passes the command's exit status to the security
- policy's close function and exits. As a special case, if the policy
- plugin does not define a close function and no pty is required, s\bsu\bud\bdo\bo will
- execute the command directly instead of calling fork(2) first. The
- _\bs_\bu_\bd_\bo_\be_\br_\bs policy plugin will only define a close function when I/O logging
- is enabled, a pty is required, or the _\bp_\ba_\bm_\b__\bs_\be_\bs_\bs_\bi_\bo_\bn or _\bp_\ba_\bm_\b__\bs_\be_\bt_\bc_\br_\be_\bd options
- are enabled. Note that _\bp_\ba_\bm_\b__\bs_\be_\bs_\bs_\bi_\bo_\bn and _\bp_\ba_\bm_\b__\bs_\be_\bt_\bc_\br_\be_\bd are enabled by
- default on systems using PAM.
+ in the child process. The main s\bsu\bud\bdo\bo process waits until the command has
+ completed, then passes the command's exit status to the security policy's
+ close function and exits. As a special case, if the policy plugin does
+ not define a close function, s\bsu\bud\bdo\bo will execute the command directly
+ instead of calling fork(2) first. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy plugin will only
+ define a close function when I/O logging is enabled, a pty is required,
+ or the _\bp_\ba_\bm_\b__\bs_\be_\bs_\bs_\bi_\bo_\bn or _\bp_\ba_\bm_\b__\bs_\be_\bt_\bc_\br_\be_\bd options are enabled. Note that
+ _\bp_\ba_\bm_\b__\bs_\be_\bs_\bs_\bi_\bo_\bn and _\bp_\ba_\bm_\b__\bs_\be_\bt_\bc_\br_\be_\bd are enabled by default on systems using PAM.
S\bSi\big\bgn\bna\bal\bl h\bha\ban\bnd\bdl\bli\bin\bng\bg
When the command is run as a child of the s\bsu\bud\bdo\bo process, s\bsu\bud\bdo\bo will relay
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.21 November 29, 2017 Sudo 1.8.21
+Sudo 1.8.21 December 1, 2017 Sudo 1.8.21
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "8" "November 29, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "8" "December 1, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
passes the command's exit status to the main
\fBsudo\fR
process and exits.
-On most systems, processes created by the command that are still
-running in the background when the command exits and that have
-not changed their session will receive the
-\fRSIGHUP\fR
-signal when the monitor exits, since it is the terminal session leader.
-To prevent this from happening, background processes started by the command
-can be invoked via the
-nohup(1)
-command to ignore
-\fRSIGHUP\fR.
-Alternately, some systems provide a
-setsid(1)
-command which can be used to run the command in a new session.
-In both cases, there is a potential race condition where the
-command being run via
-\fBsudo\fR
-could exit before
-nohup(1)
-or
-setsid(1)
-have time to complete their setup.
+After receiving the command's exit status, the main
+\fBsudo\fR
+passes the command's exit status to the security policy's close function
+and exits.
.PP
If no pty is used,
\fBsudo\fR
sets up the execution environment as described above, and uses the
execve(2)
system call to run the command in the child process.
-.PP
-In both cases, the main
+The main
\fBsudo\fR
-process waits until the command (or monitor) has completed, then passes the
+process waits until the command has completed, then passes the
command's exit status to the security policy's close function and exits.
As a special case, if the policy plugin does not define a close
-function and no pty is required,
+function,
\fBsudo\fR
will execute the command directly instead of calling
fork(2)
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd November 29, 2017
+.Dd December 1, 2017
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
passes the command's exit status to the main
.Nm
process and exits.
-On most systems, processes created by the command that are still
-running in the background when the command exits and that have
-not changed their session will receive the
-.Dv SIGHUP
-signal when the monitor exits, since it is the terminal session leader.
-To prevent this from happening, background processes started by the command
-can be invoked via the
-.Xr nohup 1
-command to ignore
-.Dv SIGHUP .
-Alternately, some systems provide a
-.Xr setsid 1
-command which can be used to run the command in a new session.
-In both cases, there is a potential race condition where the
-command being run via
+After receiving the command's exit status, the main
.Nm
-could exit before
-.Xr nohup 1
-or
-.Xr setsid 1
-have time to complete their setup.
+passes the command's exit status to the security policy's close function
+and exits.
.Pp
If no pty is used,
.Nm
sets up the execution environment as described above, and uses the
.Xr execve 2
system call to run the command in the child process.
-.Pp
-In both cases, the main
+The main
.Nm
-process waits until the command (or monitor) has completed, then passes the
+process waits until the command has completed, then passes the
command's exit status to the security policy's close function and exits.
As a special case, if the policy plugin does not define a close
-function and no pty is required,
+function,
.Nm
will execute the command directly instead of calling
.Xr fork 2
projects / sudo / commitdiff