Sudo and signal propagation

submited by
Style Pass
2023-05-24 14:00:04

When the command is run as a child of the sudo process, sudo will relay signals it receives to the command. The SIGINT and SIGQUIT signals are only relayed when the command is being run in a new pty or when the signal was sent by a user process, not the kernel. This prevents the command from receiving SIGINT twice each time the user enters control-C. Some signals, such as SIGSTOP and SIGKILL, cannot be caught and thus will not be relayed to the command.

This makes sense. Signals need to be relayed by sudo to the process it’s managing. Otherwise, scripts would need to calculate the child PID or send signals to the appropriate process group (a rather arcane concept). It is much simpler to run a backgrounded sudo instance and send signals to $! (as we did in the test script).

As a special case, sudo will not relay signals that were sent by the command it is running. This prevents the command from accidentally killing itself. On some systems, the reboot(8) utility sends SIGTERM to all non-system processes other than itself before rebooting the system. This prevents sudo from relaying the SIGTERM signal it received back to reboot(8), which might then exit before the system was actually rebooted, leaving it in a half-dead state similar to single user mode.

Leave a Comment