Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
On Mon, Aug 12, 2019 at 09:58:14PM +, Hongyi Zhao wrote: > On Mon, 12 Aug 2019 15:40:03 +0200, Greg Wooledge wrote: > > > You > > could start by telling us which DM it is (lightdm, gdm3, sddm, etc.). > > gdm3 > > And I don't know to let the limits take effect within this environment. I don't either. First thing you can do is look for a file like /etc/pam.d/gdm3 (or possibly /etc/pam.d/gdm), and see if it contains the pam_limits.so line. If it doesn't, then you know it isn't reading /etc/security/limits.conf file, and your first step would be to add the pam_limits.so line. VERY carefully, after reading all of the PAM documentation. If it does contain this line, then perhaps you can try running a standard Debian X session instead of a GNOME session. Pick your favorite regular window manager that is NOT part of a desktop environment, put that in your ~/.xsession file, login with a Debian session, open a terminal, and see if the limits are correct. Then remove the ~/.xsession file (or restore it to whatever it was before) to go back to the way things were before, if you still want to. If the limits are correct in a terminal executed by a regular window manager inside a Debian session, then you know the PAM stuff is working correctly. If they're NOT correct inside a terminal executed by dbus inside a GNOME session, then you have some more digging to do. It's possible that they're working just fine in other pieces of your GNOME session, just not in terminals. It's possible that you may or may not care about terminals, or that you may or may not care ONLY about terminals. You're not exactly giving us much detail here.
Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
On Mon, 12 Aug 2019 15:40:03 +0200, Greg Wooledge wrote: > You > could start by telling us which DM it is (lightdm, gdm3, sddm, etc.). gdm3 And I don't know to let the limits take effect within this environment. Regards
Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
On Mon, 12 Aug 2019 15:40:03 +0200, Greg Wooledge wrote: > You > could start by telling us which DM it is (lightdm, gdm3, sddm, etc.). gdm3 And I don't know to let the limits take effect within this environment. Regards -- .: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
On Mon, 12 Aug 2019 15:40:03 +0200, Greg Wooledge wrote: > You > could start by telling us which DM it is (lightdm, gdm3, sddm, etc.). gdm3 And I don't know to let the limits take effect within this environment. Regards -- .: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
> Il giorno dom 11 ago 2019 alle ore 05:30 Hongyi Zhao > ha scritto: > > > Hi, > > > > I added the following lines into /etc/security/limits.conf: > > > > * - nofile 65535 > > root - nofile 65535 > > > > > > But it still not take effect for the normal user. How are you logging in? How are you checking? On Sun, Aug 11, 2019 at 11:17:37AM +0200, Emmanuel Gelati wrote: > check if you are using pam_limits module > > grep -i limit /etc/pam.d/* For a console login, the relevant file is /etc/pam.d/login which, on buster, contains: # Sets up user limits according to /etc/security/limits.conf # (Replaces the use of /etc/limits in old login) sessionrequired pam_limits.so So, that would be the first step I would try: make sure you are doing a regular CONSOLE login (not a graphical login, not ssh), don't run startx or anything like that, and verify your limits in the console login shell. I just tried it now, on buster, and it worked for me. If you verify that this works, but you're still having problems in whatever OTHER thing you are doing that you haven't described to us yet, then try telling us what you're doing. Bear in mind that the PAM limits are only applied to PAM sessions that use the appropriate configurations. For example, a console login uses /etc/pam.d/login which has this configuration. An ssh login uses /etc/pam.d/sshd which also has this configuration. A graphical (display manager) login ... who knows? Debugging DM logins can be tricky. You could start by telling us which DM it is (lightdm, gdm3, sddm, etc.). You can verify whether that particular DM is using a PAM configuration that uses the limits.conf file, and possibly edit the PAM configuration if needed. On top of that, it's possible that your Desktop Environment, if any, may be overriding your resource limits. Or, you may be launching a terminal through a non-traditional method (like GNOME does, using dbus to launch terminals), which means your terminals do not inherit the resource limits from your X or Wayland session. (GNOME is written by and for aliens, not Unix people.) And beyond that, it's quite possible that you are laboring under some serious misunderstandings about how resource limits work. Maybe you thought they would apply to daemons that are started by systemd, or to cron jobs that you created. They don't. PAM resource limits are only imposed on PAM sessions. Not systemd services, not cron jobs, etc. That's why you need to TELL US WHAT YOU ARE DOING.
Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
check if you are using pam_limits module grep -i limit /etc/pam.d/* Il giorno dom 11 ago 2019 alle ore 05:30 Hongyi Zhao ha scritto: > Hi, > > I added the following lines into /etc/security/limits.conf: > > * - nofile 65535 > root - nofile 65535 > > > But it still not take effect for the normal user. > > Any hints? > -- > .: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :. > > -- .~. /V\ // \\ /( )\ ^`~'^
revise the /etc/security/limits.conf doesn't take effect for normal user.
Hi, I added the following lines into /etc/security/limits.conf: * - nofile 65535 root - nofile 65535 But it still not take effect for the normal user. Any hints? -- .: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
Useful hint: limits.conf and root
Hi! Just a little public service announcement, because I just lost 2 hours if my life figuring out how to apply new limits to processes started by the root user without using a manual call to "ulimit" every time: If you edit /etc/security/limits.conf to, for example, increase the maximum number of files a process may open, you would normally do it like this: ,[ /etc/security/limits.conf | * softnofile 4096 | * hardnofile 4096 ` But beware this little comment at the top of the file: ,[ /etc/security/limits.conf | #- NOTE: group and wildcard limits are not applied to root. | # To apply a limit to the root user, must be | # the literal username root. ` I didn't read that (because I am a veteran sysadmin with nearly 20 years of Unix experience, I don't need to read any stinking comments or documentation ...) and was very very astounded when my new limits did not apply when relogging into root. To make this work, you need entries like this: ,[ /etc/security/limits.conf | rootsoftnofile 4096 | roothardnofile 4096 ` And lo and behold, it works. Judging by my searches on Google to solve that problem, I am not the only one missing that crucial difference in the scope of the '*'-domain. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8bd2d2670...@mids.svenhartge.de
Re: [Debian 7] my custom nofile limits.conf setting doesnt work with sudo.
Thanks it saved my day. all is working now. 2014-02-04 12:50, Reco skrev: Hi. On Tue, Feb 04, 2014 at 12:08:27PM +0100, Stefan Eriksson wrote: on a side not, this works ok, but it doesnt help me as I need the sudo command to see the correct limits aswell. Wheezy's version of /etc/pam.d/sudo lacks this line: sessionrequired pam_limits.so So, every time you use sudo - you keep shell limits from the original session. debian6:/# egrep -r pam_limits /etc/pam.d/ /etc/pam.d/sshd:sessionrequired pam_limits.so /etc/pam.d/cron:sessionrequired pam_limits.so /etc/pam.d/su:sessionrequired pam_limits.so /etc/pam.d/login:sessionrequired pam_limits.so /etc/pam.d/sudo:session required pam_limits.so And, as you can see above, squeeze's version of /etc/pam.d/sudo has pam_limits.so. anyone seen this issue before or know if there is an added security option one has to active in wheezy? I just add pam_limits.so to /etc/pam.d/sudo during upgrade to wheezy. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52f1e3a2.4090...@glesys.se
Re: [Debian 7] my custom nofile limits.conf setting doesnt work with sudo.
Hi. On Tue, Feb 04, 2014 at 12:08:27PM +0100, Stefan Eriksson wrote: > on a side not, this works ok, but it doesnt help me as I need the > sudo command to see the correct limits aswell. Wheezy's version of /etc/pam.d/sudo lacks this line: sessionrequired pam_limits.so So, every time you use sudo - you keep shell limits from the original session. > > debian6:/# egrep -r pam_limits /etc/pam.d/ > > /etc/pam.d/sshd:sessionrequired pam_limits.so > > /etc/pam.d/cron:sessionrequired pam_limits.so > > /etc/pam.d/su:sessionrequired pam_limits.so > > /etc/pam.d/login:sessionrequired pam_limits.so > > /etc/pam.d/sudo:session required pam_limits.so And, as you can see above, squeeze's version of /etc/pam.d/sudo has pam_limits.so. > anyone seen this issue before or know if there is an added security > option one has to active in wheezy? I just add pam_limits.so to /etc/pam.d/sudo during upgrade to wheezy. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140204115052.GA25051@x101h
[Debian 7] my custom nofile limits.conf setting doesnt work with sudo.
Hi I'm trying to set custom number of open files with limits.conf for a user with Debian 7 but it doesnt work (have rebooted etc.): > debian7:/# cat /etc/issue > Debian GNU/Linux 7 \n \l > > ii libpam-modules:amd64 1.1.3-7.1 > ii libpam-modules-bin 1.1.3-7.1 > ii libpam-runtime 1.1.3-7.1 > ii libpam0g:amd64 1.1.3-7.1 > ii sudo 1.8.5p2-1+nmu1 > > debian7:/# cat /etc/security/limits.conf | grep test > testingsoftnofile 4096 > testinghardnofile 8000 > > debian7:/etc/pam.d# egrep -r pam_limits /etc/pam.d/ > /etc/pam.d/cron:sessionrequired pam_limits.so > /etc/pam.d/sshd:sessionrequired pam_limits.so > /etc/pam.d/atd:sessionrequired pam_limits.so > /etc/pam.d/su:sessionrequired pam_limits.so > /etc/pam.d/login:sessionrequired pam_limits.so > > debian7:/# sudo -u testing -s ulimit -Sn > 1024 on a side not, this works ok, but it doesnt help me as I need the sudo command to see the correct limits aswell. > debian7:/# sudo su - testing > $ ulimit -Sn > 4096 > $ ulimit -Hn > 8000 > $ but on a Debian 6 system it works. > debian6:/# cat /etc/issue > Debian GNU/Linux 6.0 \n \l > > debian6:/# cat /etc/security/limits.conf | grep test > testingsoftnofile 4096 > testinghardnofile 8000 > > debian6:/# egrep -r pam_limits /etc/pam.d/ > /etc/pam.d/sshd:sessionrequired pam_limits.so > /etc/pam.d/cron:sessionrequired pam_limits.so > /etc/pam.d/su:sessionrequired pam_limits.so > /etc/pam.d/login:sessionrequired pam_limits.so > /etc/pam.d/sudo:session required pam_limits.so > > debian6:/# sudo -u testing -s ulimit -Sn > 4096 > debian6:/# sudo -u testing -s ulimit -Hn > 8000 anyone seen this issue before or know if there is an added security option one has to active in wheezy? Thanks in advance. Stefan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52f0ca2b.40...@glesys.se
Re: limits.conf
Hello Guido, Excerpt from Guido Martínez: > I can confirm this. I wasn't sure if it was expected behaviour so I > did a quick google search and came to this > http://www.chrissearle.org/blog/technical/increasing_max_number_open_files_glassfish_user_debian. > > If you want 'su' to set the user limits you need to modify > /etc/pam.d/su and uncomment the line "# session required > pam_limits.so". I tried it and it works. Thank you! That gives expected results. Additionally i added the same to '/etc/pam.d/sudo'. > Given that this option exists, it's most likely not a bug. IMO well at least that fact that this line is commented and that 'su' is the only file in /etc/pam.d/ that does so is arguable. -- -- -- Regards, Thilo 4096R/0xC70B1A8F 721B 1BA0 095C 1ABA 3FC6 7C18 89A4 A2A0 C70B 1A8F -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/kk9vfa$2t1$1...@ger.gmane.org
Re: limits.conf
I can confirm this. I wasn't sure if it was expected behaviour so I did a quick google search and came to this http://www.chrissearle.org/blog/technical/increasing_max_number_open_files_glassfish_user_debian. If you want 'su' to set the user limits you need to modify /etc/pam.d/su and uncomment the line "# session required pam_limits.so". I tried it and it works. Given that this option exists, it's most likely not a bug. Guido On Sat, Apr 6, 2013 at 12:30 PM, Thilo Six wrote: > Hello > > i have observed a to my (limited) understanding a strange behavior regarding > limits settings. I would like some hint if i am doing s.th. wrong or if i > encountered a bug. > > > i have the following: > ---- > /etc/security/limits.conf > > * - nproc 512 > rootsoft nproc 1024 > roothard nproc 2048 > > * - nofile 8192 > root - nofile 16383 > > > limits.conf(5): > NOTE: group and wildcard limits are not applied to the root > user. To set a limit for the root user, this field must > contain the literal username root. > > > With the settings above applied when i log in on a vt as root i get the > follwoing limits for user root: > > root on vt: > # ulimit -Hu > 2048 > # ulimit -Hn > 16383 > # ulimit -Su > 1024 > # ulimit -Sn > 16383 > > > ^- These are excepted results. > > > Now when i log into kde and start konsole or a xterm and 'su -' i get the > following: > > root in kde: > # ulimit -Sn > 8192 > # ulimit -Hn > 8192 > # ulimit -Su > 512 > # ulimit -Hu > 512 > > > su(1): > -, -l, --login > Provide an environment similar to what the user would > expect had the user logged in directly. > > As you can see in this case the limits defined for a ordinary user are applied > for root. IMO this is a bug as it breaks documented behavior. > > Should this be reported or am i missing s.th.? > > -- > Regards, > Thilo > > 4096R/0xC70B1A8F > 721B 1BA0 095C 1ABA 3FC6 7C18 89A4 A2A0 C70B 1A8F > > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/kjpf2b$b93$1...@ger.gmane.org > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CA++DQUm7sZgqmrFqh83yyqCktNE_YV=2v+9fcny-gd3w_4q...@mail.gmail.com
limits.conf
Hello i have observed a to my (limited) understanding a strange behavior regarding limits settings. I would like some hint if i am doing s.th. wrong or if i encountered a bug. i have the following: /etc/security/limits.conf * - nproc 512 rootsoft nproc 1024 roothard nproc 2048 * - nofile 8192 root- nofile 16383 limits.conf(5): NOTE: group and wildcard limits are not applied to the root user. To set a limit for the root user, this field must contain the literal username root. With the settings above applied when i log in on a vt as root i get the follwoing limits for user root: root on vt: # ulimit -Hu 2048 # ulimit -Hn 16383 # ulimit -Su 1024 # ulimit -Sn 16383 ^- These are excepted results. Now when i log into kde and start konsole or a xterm and 'su -' i get the following: root in kde: # ulimit -Sn 8192 # ulimit -Hn 8192 # ulimit -Su 512 # ulimit -Hu 512 su(1): -, -l, --login Provide an environment similar to what the user would expect had the user logged in directly. As you can see in this case the limits defined for a ordinary user are applied for root. IMO this is a bug as it breaks documented behavior. Should this be reported or am i missing s.th.? -- Regards, Thilo 4096R/0xC70B1A8F 721B 1BA0 095C 1ABA 3FC6 7C18 89A4 A2A0 C70B 1A8F -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/kjpf2b$b93$1...@ger.gmane.org
Re: User cannot set process priority nice --10 despite changes in limits.conf
> Doesn't look to me like you're running the command as the user you > specified in limits.conf. > > Jonathan > -- > Jonathan Matthews > London, UK > http://www.jpluscplusm.com/contact.html You are completely correct but despite my mistake on trying to reproduce this problem on different machine it still remains. hlds@gserver:/> nice --5 cat logfile nice: cannot set niceness: Permission denied -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/BANLkTik41yh59X0shURtB6t7U7oGtmNd=w...@mail.gmail.com
Re: User cannot set process priority nice --10 despite changes in limits.conf
On 17 April 2011 11:21, Sebastian Tarach wrote: > Hello, > > I'm trying to allow user hlds to be able to start game server daemon with > higher priority. Even though I've added fallowing line in > /etc/security/limits.conf > > hlds - nice-20 > > I'm still getting > > starach@debian:/> nice --5 cat logfile > nice: cannot set niceness: Permission denied > > What could I have done wrong? Doesn't look to me like you're running the command as the user you specified in limits.conf. Jonathan -- Jonathan Matthews London, UK http://www.jpluscplusm.com/contact.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktim570oohx04lbl_qfssx2wheht...@mail.gmail.com
User cannot set process priority nice --10 despite changes in limits.conf
Hello, I'm trying to allow user hlds to be able to start game server daemon with higher priority. Even though I've added fallowing line in /etc/security/limits.conf # # #* softcore0 #roothardcore10 #* hardrss 1 #@studenthardnproc 20 #@facultysoftnproc 20 #@facultyhardnproc 50 #ftp hardnproc 0 #ftp - chroot /ftp #@student- maxlogins 4 # End of file hlds - nice-20 I'm still getting Kod: starach@debian:/> nice --5 cat logfile nice: cannot set niceness: Permission denied What could I have done wrong?
Re: limits.conf does not work at etch ?
Sjors Gielen wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank Bonnet wrote: Hello I'm in trouble with the /etc/security/limits.conf file at ETCH AMD64 it does not apply the following statement after rebooting the machine *hardnofile65536 the nofile ulimit value stay sticked at 1024 Anyone knows a workaround ? Thanks a lot First of all, can you manually change the ulimit value using ulimit -n? yes in the current shell Second: What happens if you add: * soft nofile 65536 next to the hard limit? I found a workaround for MY case . If I replace the "*" character by the user concerned by this statement it works ... dovecot softnofile 32768 dovecot hardnofile 65536 Then typing the following as root give this mail:~# ulimit -n 65535 bug or feature ? Sjors -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkm/n6EACgkQHJNr90P0N+GgKwCdGqTma2RnwB01mzadUFVJ826f pZAAn2K8fY6meok/SzJratDWd/1zrwyP =lu9f -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: limits.conf does not work at etch ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank Bonnet wrote: > Hello > > I'm in trouble with the /etc/security/limits.conf file at ETCH AMD64 > it does not apply the following statement after rebooting the machine > > *hardnofile65536 > > the nofile ulimit value stay sticked at 1024 > > Anyone knows a workaround ? > > Thanks a lot First of all, can you manually change the ulimit value using ulimit -n? Second: What happens if you add: * soft nofile 65536 next to the hard limit? Sjors -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkm/n6EACgkQHJNr90P0N+GgKwCdGqTma2RnwB01mzadUFVJ826f pZAAn2K8fY6meok/SzJratDWd/1zrwyP =lu9f -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
limits.conf does not work at etch ?
Hello I'm in trouble with the /etc/security/limits.conf file at ETCH AMD64 it does not apply the following statement after rebooting the machine * hardnofile 65536 the nofile ulimit value stay sticked at 1024 Anyone knows a workaround ? Thanks a lot -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
/etc/security/limits.conf: ulimit -l (max locked memory) reports 32 when it should be unlimited
Hello, I'm using Sarge. I'm learning to use /etc/security/limits.conf in order to set user limits via PAM. According to the doc if I specify a user or group followed by '-' and omit the type and value, then no limits will apply to that user/group, e.g. @root - will ensure that no limits will apply to use users belonging to the group 'root'. However, when I run uname -a I get 32 kb instead of "unlimited" for the max locked memory: $ ulimit -a core file size(blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files(-n) 1024 pipe size (512 bytes, -p) 8 stack size(kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes(-u) 2112 virtual memory(kbytes, -v) unlimited If I leave /etc/security/limits.conf empty, then I get the following results: $ ulimit -a core file size(blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) unlimited max memory size (kbytes, -m) unlimited open files(-n) 1024 pipe size (512 bytes, -p) 8 stack size(kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes(-u) unlimited virtual memory(kbytes, -v) unlimited Can anyone explain the reason why "max locked memory" is reduced from "unlimited" to "32"? I presume that the "max locked memory" is the maximum amount of memory that must stay in physical RAM, and that anything over that can be swapped to disk. Is that right? Thanks, Yasir -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Question on PAM and limits.conf
Today I was tweaking my /etc/secrurity/limits.conf on my server. A while back I had setup Bastille, which defaults to 100 MB max file size for users if you enable the resource restrictions. I decided I wanted to store some ISO images in my home directory. Thus, I wanted to up the limit for my login and no others. I edited limits.conf to give myself a 1.2 GB max file size. The only problem was that the new limit would not take. I ended up having to reboot my machine (after much searching for an alternative solution) to get the new limits to take. Why did I have to reboot? Did I overlook another way to get this done? -Roberto Sanchez signature.asc Description: OpenPGP digital signature
ssh login can't apply /etc/security/limits.conf
Hello list, I am trying to configure the user resource restriction in /etc/security/limits.conf. I believe the configuration has no problem, but when the user ssh login, the session will not include the limits in the limits.conf file. BTW, I checked the /etc/pam.d/login and /etc/pam.d/ssh file. Both have this line in it: sessionrequired pam_limits.so Is there anything I missed? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: limits.conf problem
Hello Patrick Hsieh <[EMAIL PROTECTED]>, Have to use ulimit -aH to read the hard limit. ^_^ My problems: 1. What's the difference btween soft and hard limit? What will happen if I exceed the soft limit but in the hard limit? 2. How to tune the stack size, max locked memory and max memory size? My Debian GNU/Linux server has 1G RAM as a productive web server. On Thu, 04 Apr 2002 20:33:40 +0800 Patrick Hsieh <[EMAIL PROTECTED]> wrote: > Hello list, > This is my limits.conf for testing Debian GNU/Linux server: > > * hardcore0 > * hardnofile 1024 > * hardrss 1 > * hardnproc 100 > * hardstack 102400 > roothardcore0 > roothardnofile 65536 > #roothardrss40 > roothardnproc 65536 > > > > Please notice that I set 102400 KB of stack size for individual user. > However, when I ssh login and ulimit -a, I get > > > core file size(blocks, -c) 0 > data seg size (kbytes, -d) unlimited > file size (blocks, -f) unlimited > max locked memory (kbytes, -l) unlimited > max memory size (kbytes, -m) 1 > open files(-n) 1024 > pipe size (512 bytes, -p) 8 > stack size(kbytes, -s) 8192 > cpu time (seconds, -t) unlimited > max user processes(-u) 100 > virtual memory(kbytes, -v) unlimited > > > The stack size become 8192 only. Is there any configuration that make > the limit above limits.conf? > > > -- > Patrick Hsieh <[EMAIL PROTECTED]> > > GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Patrick Hsieh <[EMAIL PROTECTED]> GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
limits.conf problem
Hello list, This is my limits.conf for testing Debian GNU/Linux server: * hardcore0 * hardnofile 1024 * hardrss 1 * hardnproc 100 * hardstack 102400 roothardcore0 roothardnofile 65536 #roothardrss40 roothardnproc 65536 Please notice that I set 102400 KB of stack size for individual user. However, when I ssh login and ulimit -a, I get core file size(blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) unlimited max memory size (kbytes, -m) 1 open files(-n) 1024 pipe size (512 bytes, -p) 8 stack size(kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes(-u) 100 virtual memory(kbytes, -v) unlimited The stack size become 8192 only. Is there any configuration that make the limit above limits.conf? -- Patrick Hsieh <[EMAIL PROTECTED]> GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: /etc/security/limits.conf
On Sat, 2002-03-02 at 06:19, Greg Murphy wrote: > Hello, > > I have a user on my computer that I don't want to be able to do stupid things > like "yes > /dev/mem". I found a file called /etc/security/limits.conf that > seems to be able to do what I want. How do I enable it? Thanks. > > -Greg Murphy not sure... but check out ulimit
Re: /etc/security/limits.conf
> Hello, > > I have a user on my computer that I don't want to be able to do stupid things > like "yes > /dev/mem". I found a file called /etc/security/limits.conf that > seems to be able to do what I want. How do I enable it? Thanks. > > -Greg Murphy > I do not know how to use /etc/security/limits.conf in order to solve your problem. However here the permissions for /dev/mem are crw-r-: $ ls /dev/mem -l crw-r-1 root kmem 1, 1 Jan 26 22:39 /dev/mem $ Which surely prevents joe user from doing this: $ yes > /dev/mem bash: /dev/mem: Permission denied $ -- Shaul Karl email: shaulka(at-no-spam)bezeqint.net Please substitute (at-no-spam) with an at - @ - character. (at-no-spam) is meant for unsolicitate mail senders only.
/etc/security/limits.conf
Hello, I have a user on my computer that I don't want to be able to do stupid things like "yes > /dev/mem". I found a file called /etc/security/limits.conf that seems to be able to do what I want. How do I enable it? Thanks. -Greg Murphy
Re: limits.conf
On Mon, May 17, 1999 at 12:26:38PM +0200, Johan Pettersson wrote: > Hello! > > I have problem with the PAM-module. Have read the HOWTO-Security > and trying to restrict the number of processes. But it does not work > the user still have unlimited processes! (Debian 2.1) limits.conf only works if the login program uses PAM, which in Debian 2.1 (slink) it does not. Potato will boast more complete PAM support. -- --- - - --- - - - --- Ben Collins <[EMAIL PROTECTED]>Debian GNU/Linux OpenLDAP Dev - [EMAIL PROTECTED] The Choice of the GNU Generation -- -- - - - --- --- -- - - --- - --
limits.conf
Hello! I have problem with the PAM-module. Have read the HOWTO-Security and trying to restrict the number of processes. But it does not work the user still have unlimited processes! (Debian 2.1) -8<-- baduser hard nproc 5 --8<- -- //thx Johan
