On Fri, 23 Jan 2015, Yvan Masson wrote: > Le jeudi 22 janvier 2015 à 19:34 -0500, Jason Edgecombe a écrit : > > On 01/22/2015 12:53 PM, Yvan Masson wrote: > > > Thanks for your fast answers. > > > > > > Le mardi 20 janvier 2015 à 20:37 -0500, Jason Edgecombe a écrit : > > >> On 01/20/2015 03:46 PM, Benjamin Kaduk wrote: > > >>> Hi, > > >>> > > >>> On Tue, 20 Jan 2015, Yvan Masson wrote: > > >>> > > > The most important for me would just one command (for example "sudo > > > ls").
Hmm, 'sudo ls' should not be invoking a new copy of the shell, IIRC, so I do not think that ~/.bash_logout or similar would be at fault. > > >> Is only the > > >>> terminal where sudo was run affected, or are other terminal windows > > >>> affected as well? > > > If I use sudo in gnome-terminal for example, the token is lost for this > > > terminal and for all my X session: this is my biggest problem. But if I > > > have also a running TTY, the token in my TTY is not destroyed. > > >>>> I suppose that I should do someting with PAM, probably > > >>>> in /etc/pam.d/sudo, but I don't know exactly what. > > >>> Well, it probably depends on whether the default (uid-based) pag is in > > >>> use, or a session-specific pag. > > >>> > > >>> I think that with jessie's kernel the pag information is stored in the > > >>> keyring, so 'keyctl show' before and after sudo is run may be helpful. > > > Pardon, but I don't know how to use this tool: can I run it from a > > > terminal ? > I finally understood that I needed the keyutils package... So if run > "keyctl show" before and after a sudo command, the results are exactly > identical : > $ keyctl show > Session Keyring > 901610366 ---lswrv 0 1000 keyring: _ses.2400 > 130758458 ----s--v 0 0 \_ afs_pag: _pag Hmm, this leaves me somewhat confused. Is pam_afs_session present in any pam configuration files? (grep -r pam_afs_session /etc/pam.d) -Ben
