At system startup, the init script is run with limits calculated on the basis of the core MAXFILES. After you run sysctl limits of the system may be altered, for example "kern.maxfilesperproc", but the script will continue to work with the old values.
This is bad in two ways: 1. When using the "chroot", so that the command does not execute logon for the user: limits and environmental variables remain the same, just replaced the uid and gid of the running process. 2. When not specified "user" - the process starts with the limits of the environment and startup script. # limits Resource limits (current): ... openfiles 200000 ... # sysctl kern.maxfilesperproc=200001 kern.maxfilesperproc: 200000 -> 200001 # limits Resource limits (current): ... openfiles 200000 ... # su -m root -c 'limits' Resource limits (current): ... openfiles 200001 # chroot -u root / /usr/bin/limits Resource limits (current): ... openfiles 200000 ... Scripts for which the specified user inherit it from the startup script, rather than generate it based on the settings for the user. #su -m mysql -c '/bin/sh -c "/usr/bin/env"' ... USER=root MAIL=/var/mail/root HOME=/root LOGNAME=root PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin :/root/bin ... To run the scripts with the correct limits, the environment, the priority and chroot - need a tool combines the chroot, su, nice, chdir but deprived of their shortcomings. su - is focused on a shell chroot - does not make the logon nice - there is no overlap in the chroot or su "SHELL" should be inherited from a parent script, because many accounts is established: SHELL="/usr/sbin/nologin" -- Rozhuk Ivan _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
