Running a single executable with sudo adds two processes in process list

sudo ps

When you do:

sudo ./lwdpi -i enp5s0

  • sudo is the parent process, it fork(2)s a child, which then do execve(2) with ./lwdpi as the executable name

  • so lwdpi is sudo's child process

This results in two processes as you can see, one is sudo and another is lwdpi.

The best way to see the details is to check the PPID (parent process ID) too:

ps -eo pid,ppid,args | grep '[l]wdpi'

you'll see that lwdpi's parent is sudo itself.

Here is sudo's process model, from man sudo:

When sudo runs a command, it calls fork(2), sets up the execution environment as described above, and calls the execve system call in the child process. The main sudo process waits until the command has completed, then passes the command's exit status to the security policy's close function and exits.

If an I/O logging plugin is configured or if the security policy explicitly requests it, a new pseudo-terminal (“pty”) is created and a second sudo process is used to relay job control signals between the user's existing pty and the new pty the command is being run in. This extra process makes it possible to, for example, suspend and resume the command. Without it, the command would be in what POSIX terms an “orphaned process group” and it would not receive any job control signals.

As a special case, if the policy plugin does not define a close function and no pty is required, sudo will execute the command directly instead of calling fork(2) first. The sudoers policy plugin will only define a close function when I/O logging is enabled, a pty is required, or the pam_session or pam_setcred options are enabled. Note that pam_session and pam_setcred are enabled by default on systems using PAM.


This happens when you start any process with sudo One process is the sudo program and the other is the program launched with sudo, which is a child process of the first. The sudo program will exit only when the process it is running for (its child) exits. Here's an extract from my pstree when running sudo apt update

    ├─mate-terminal─┬
                    ├─bash───sudo───apt
               child of bash--^      ^--child of sudo

Related

Convert .xls/.xlsx spreadsheets to multiple .csv's based on a list
cannot install mysql-server in ubuntu16.0.4
/usr/bin/ld: cannot find -lOpenCL
What's the difference between "virtualenv" and "-m venv" in creating Virtual environments(Python)
Ways to improve the accuracy of a Naive Bayes Classifier?
How to copy and paste between different tmux panes running vim instances
Is ReST over websockets possible?
Async always WaitingForActivation
Using reactjs with requirejs
Unit Testing File I/O
SVN reverse merge?
Simulating touch events on a PC browser