Document direct execution of the command if the policy plugin has

no close function.
2013-03-13 11:32:31 -04:00
parent 1791721ef2
commit 2e84f169cc
3 changed files with 28 additions and 11 deletions
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@@ -333,13 +333,16 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
     environment as described above, and calls the execve system call in the
     child process.  The main ssuuddoo process waits until the command has
     completed, then passes the command's exit status to the security policy's
-     close method and exits.  If an I/O logging plugin is configured, a new
+     close function and exits.  If an I/O logging plugin is configured or if
-     pseudo-terminal (``pty'') is created and a second ssuuddoo process is used to
+     the security policy explicitly requests it, a new  pseudo-terminal
-     relay job control signals between the user's existing pty and the new pty
+     (``pty'') is created and a second ssuuddoo process is used to relay job
-     the command is being run in.  This extra process makes it possible to,
+     control signals between the user's existing pty and the new pty the
-     for example, suspend and resume the command.  Without it, the command
+     command is being run in.  This extra process makes it possible to, for
-     would be in what POSIX terms an ``orphaned process group'' and it would
+     example, suspend and resume the command.  Without it, the command would
-     not receive any job control signals.
+     be in what POSIX terms an ``orphaned process group'' and it would not
     receive any job control signals.  As a special case, if the policy plugin
     does not define a close function and no pty is required, ssuuddoo will
     execute the command directly instead of calling fork(2) first.
   SSiiggnnaall hhaannddlliinngg
     Because the command is run as a child of the ssuuddoo process, ssuuddoo will
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -747,8 +747,9 @@ system call in the child process.
 The main
 \fBsudo\fR
 process waits until the command has completed, then passes the
-command's exit status to the security policy's close method and exits.
+command's exit status to the security policy's close function and exits.
-If an I/O logging plugin is configured, a new  pseudo-terminal
+If an I/O logging plugin is configured or if the security policy
 explicitly requests it, a new  pseudo-terminal
 (``pty'')
 is created and a second
 \fBsudo\fR
@@ -759,6 +760,12 @@ and resume the command.
 Without it, the command would be in what POSIX terms an
 ``orphaned process group''
 and it would not receive any job control signals.
 As a special case, if the policy plugin does not define a close
 function and no pty is required,
 \fBsudo\fR
 will execute the command directly instead of calling
 fork(2)
 first.
 .SS "Signal handling"
 Because the command is run as a child of the
 \fBsudo\fR
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -731,8 +731,9 @@ system call in the child process.
 The main
 .Nm sudo
 process waits until the command has completed, then passes the
-command's exit status to the security policy's close method and exits.
+command's exit status to the security policy's close function and exits.
-If an I/O logging plugin is configured, a new  pseudo-terminal
+If an I/O logging plugin is configured or if the security policy
 explicitly requests it, a new  pseudo-terminal
 .Pq Dq pty
 is created and a second
 .Nm sudo
@@ -743,6 +744,12 @@ and resume the command.
 Without it, the command would be in what POSIX terms an
 .Dq orphaned process group
 and it would not receive any job control signals.
 As a special case, if the policy plugin does not define a close
 function and no pty is required,
 .Nm sudo
 will execute the command directly instead of calling
 .Xr fork 2
 first.
 .Ss Signal handling
 Because the command is run as a child of the
 .Nm sudo