Package: sudo
Version: 1.8.9~rc1-1
Severity: normal

sudo doesn't use the correct user when setting limits - it uses the limits
for the first user with the given UID.
Please note that it works fine for _different_ users, so the referenced
bugs below are solved (?).

Rationale: I want to restrict my user to relatively low ulimits (to protect
against misbehaving applications), but some things should have more room.
ulimits are defined per-user, and one cannot set the hard limit higher
easily (without writing my own program for that); so I would just use a
second user. To avoid having all kinds of rights issues I'd like to use the
same UID; as /etc/security/limits.conf uses names and not UIDs, this looks
easy. (And it does "just work" for su, see below.)

Steps to reproduce:

* choose a user in /etc/passwd
    u1:x:1000:1000::/home/u1:/bin/bash
* copy it to a new name, keeping the same UID
    u2:x:1000:1000::/home/u1:/bin/bash
* build a matching record in /etc/shadow
    u2:*:15000:0:99999:7:::
* ensure that pam_limits is defined for sudo
    # grep limits /etc/pam.d/sudo
    session required pam_limits.so
* set different configurations in /etc/security/limits.conf
    u1 hard stack 8192
    u2 hard stack 262144
* verify (as root):
    # su -c 'ulimit -Hs' u1
    8192
    # su -c 'ulimit -Hs' u2
    262144
* test with "sudo":
    # sudo -u u1 bash -c 'ulimit -Hs'
    8192
    # sudo -u u2 bash -c 'ulimit -Hs'
    8192

Related(?):
  Sudo ignores pam_limits: (2002)
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93845
  sudo pam limits (2009)
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518464
  User limit 'open files' ... does not work properly with sudo
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641607
  /etc/pam.d/sudo has no longer pam_limits.so:
    https://answers.launchpad.net/ubuntu/+source/sudo/+question/241943

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sudo depends on:
ii  libc6           2.17-97
ii  libpam-modules  1.1.3-9
ii  libpam0g        1.1.3-9
ii  libselinux1     2.2.1-1

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/pam.d/sudo changed:
session required pam_limits.so
@include common-auth
@include common-account
@include common-session-noninteractive

/etc/sudoers [Errno 13] Keine Berechtigung: u'/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Keine Berechtigung: u'/etc/sudoers.d/README'

-- no debconf information
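
An audit check for the configuration described in this report, added here as an example (not part of the original report and not sudo's or Debian's code): it lists per-user limits.conf entries that differ between login names sharing one UID, the case where the report sees the first name's limits applied. The function names and the sample passwd and limits.conf contents are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data, mirroring the records in the report.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
u1:x:1000:1000::/home/u1:/bin/bash
u2:x:1000:1000::/home/u1:/bin/bash
"""
LIMITS = """\
u1 hard stack 8192
u2 hard stack 262144
"""

def names_by_uid(passwd_text):
    """Map each UID to its login names, in file order."""
    names = defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and not line.startswith("#") and fields[2].isdigit():
            names[int(fields[2])].append(fields[0])
    return names

def user_limits(limits_text):
    """Map login name -> {(type, item): value}; group/wildcard domains are skipped."""
    limits = defaultdict(dict)
    for line in limits_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 4 and parts[0][0] not in "@*%":
            domain, ltype, item, value = parts
            limits[domain][(ltype, item)] = value
    return limits

def ambiguous_limits(passwd_text, limits_text):
    """List limits that differ between names sharing one UID."""
    limits = user_limits(limits_text)
    findings = []
    for uid, names in names_by_uid(passwd_text).items():
        first = names[0]  # the entry a UID-to-name lookup returns first
        for other in names[1:]:
            keys = set(limits.get(first, {})) | set(limits.get(other, {}))
            for key in sorted(keys):
                a = limits.get(first, {}).get(key)
                b = limits.get(other, {}).get(key)
                if a != b:
                    findings.append((uid, first, other, key[0], key[1], a, b))
    return findings

if __name__ == "__main__":
    print(ambiguous_limits(PASSWD, LIMITS))
```

Each finding is a tuple of (UID, first name, aliased name, limit type, item, first name's value, aliased name's value); a value of None means that name has no entry for the item.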