Unverified Commit d159831d authored byBrowse files
Add option LP_USE_SUDO_VALIDATE
Validation of sudo credentials is done by invoking a command (true). This means that, if the user has sudo credentials, a root session is opened and then closed. Potentially generating two PAM messages plus the sudo line for true being executed as root. This commit adds an option to use the validate command (sudo -v) to test for credentials. Validate command DOES NOT open a session and does not log anything on success. It still logs "a password is required" in case of failure but those lines are easier to filter out searching for COMMAND=validate. I've opted for adding LP_USE_SUDO_VALIDATE instead of replacing the default behaviour because I'm not sure if -v is on every system. The default value is 0: using the old behaviour (execute true).