On Mon, 10 Jan 2000, Ethan Benson wrote: > ulimit does not really protect at all against someone malicious since > they are perfectly free to un-ulimit themselves, this is where > pam_limits is helpful, it enforces the hard limit and it cannot be > ulimited past that.
Hmmm. How would a user "unlimit himself" without changing his shell? If he stays in a single bash or csh shell, I don't know how he could do that. $ ulimit -v unlimited $ ulimit -v 32767 $ ulimit -v 32767 $ ulimit -v 32768 bash: ulimit: cannot modify limit: Operation not permitted OTOH if you're talking about someone who switches his shell to get around the limits, that's my whole point. I need to know how to set shell-independent limits. Yes you can do that with PAM, but I still don't see a PAM limit on virtual memory. Is there one there?