Re: does login.conf limitations work ?
On Sat, Apr 24, 1999 at 04:39:20PM +0200, Andrzej Bialecki wrote: > On Sat, 24 Apr 1999, Stephane Legrand wrote: > > > > That's also my impression. I glipmsed the whole source tree and I > > couldn't > > > find any place where the limits are enforced. BTW. what entity should > > > enforce login time limits? Kernel? Some user-space daemon? > > > > > > > To report a login.conf success, i've used on a 2.2.8 system the > > "cputime" ressource limit. I set it to zero and that worked very > > well. So may be only some limits are implemented ? cputime is just a plain old process rlimit. Implementing it should be as easy as calling setrlimit(). On the other hand, login time is a different story. Generally I've found that most of the stuff in login.conf, at least that which does things like setting rlimits, environment, and modifying some login behavior (motd, nologin, mail check, etc.) works. -- Nathan Dorfman The statements and opinions in my Unix Admin @ Frontline Communicationspublic posts are mine, not FCC's. "The light at the end of the tunnel is the headlight of an approaching train." --/usr/games/fortune To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
Luigi Rizzo once stated: => > "cputime" ressource limit. I set it to zero and that worked very => > well. So may be only some limits are implemented ? => => You're right, this part works. However, I was talking about login time => (which is how long can user be logged on to the system), which isn't => checked anywhere. = =too bad... this is something isp's would love to have! idled from ports? -mi To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
In article , Andrzej Bialecki wrote: > On Fri, 23 Apr 1999, Luigi Rizzo wrote: > > That's also my impression. I glipmsed the whole source tree and I couldn't > find any place where the limits are enforced. BTW. what entity should > enforce login time limits? Kernel? Some user-space daemon? Pre-PAM, it would have been done in login itself, I believe. That's where other things such as password expiration are checked. With PAM, it should go into the "account management" modules. Somebody has submitted such a module to me, and they're currently making some post-review revisions I requested. After that I will commit it. Note, it doesn't handle login time restrictions either -- it does only what login does now. However, once the module exists, we'll at least have a place to put the changes into. John -- John Polstra j...@polstra.com John D. Polstra & Co., Inc.Seattle, Washington USA "Self-interest is the aphrodisiac of belief." -- James V. DeLong To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
Andrzej Bialecki wrote: > > On Sat, 24 Apr 1999, Stephane Legrand wrote: > > > > That's also my impression. I glipmsed the whole source tree and I > > couldn't > > > find any place where the limits are enforced. BTW. what entity should > > > enforce login time limits? Kernel? Some user-space daemon? > > > > To report a login.conf success, i've used on a 2.2.8 system the > > "cputime" ressource limit. I set it to zero and that worked very > > well. So may be only some limits are implemented ? > > You're right, this part works. However, I was talking about login time > (which is how long can user be logged on to the system), which isn't > checked anywhere. It isn't. Login.conf, just like, now, pam, is one of those cases of a wonderful clean, orthogonal solution which is only partially implemented. I personally think login time should be enforced through tty revocation. The main problem is that no solution exists which will do the right thing regarding processes to kill for all processes. -- Daniel C. Sobral(8-DCS) d...@newsguy.com d...@freebsd.org "Well, Windows works, using a loose definition of 'works'..." To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
> > "cputime" ressource limit. I set it to zero and that worked very > > well. So may be only some limits are implemented ? > > You're right, this part works. However, I was talking about login time > (which is how long can user be logged on to the system), which isn't > checked anywhere. too bad... this is something isp's would love to have! cheers luigi ---+- Luigi RIZZO . EMAIL: lu...@iet.unipi.it. Dip. di Ing. dell'Informazione HTTP://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) ---+- To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
On Sat, 24 Apr 1999, Brian Feldman wrote: > On Sat, 24 Apr 1999, Stephane Legrand wrote: > > > Andrzej Bialecki writes: > > > On Fri, 23 Apr 1999, Luigi Rizzo wrote: > > > > > > > Hi, > > > > > > > > i was wondering if the limitations that are supposed to be enforced via > > > > the login.conf mechanism do really work... > > > > > > > > In particular, i have tried (on 3.1 something, but don't think that > > > > current is much different in this respect) to enforce the daily etc. > > > > login times but the system seems to ignore them. > > > > > > > > I think /etc/login.conf is properly parsed, because if i assign a user > > > > to a class that is not defined in login.conf i get complaints, but > > > > other than that i am unable to limit login time... > > > > > > > > Any hints ? > > > > > > That's also my impression. I glipmsed the whole source tree and I > > couldn't > > > find any place where the limits are enforced. BTW. what entity should > > > enforce login time limits? Kernel? Some user-space daemon? > > > > > > > To report a login.conf success, i've used on a 2.2.8 system the > > "cputime" ressource limit. I set it to zero and that worked very > > well. So may be only some limits are implemented ? > > > > If you'd like to see where the ones which are implemented are implemented, > look at the process > context-switch routines in the kernel. Not having checked, but guessing, I > bet login reads > login.conf as a db and uses the values to set rlimits, which is where they > would be set. > > > Stephane Legrand. > > > > -- > > stephane.legr...@wanadoo.fr : http://perso.wanadoo.fr/stephane.legrand/ > > FreeBSD Francophone : http://www.freebsd-fr.org/ > > > > > > To Unsubscribe: send mail to majord...@freebsd.org > > with "unsubscribe freebsd-current" in the body of the message > > Some of it works, and some doesn't some is implemented in login, other parts are in init.. rob To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
On Sat, 24 Apr 1999, Stephane Legrand wrote: > Andrzej Bialecki writes: > > On Fri, 23 Apr 1999, Luigi Rizzo wrote: > > > > > Hi, > > > > > > i was wondering if the limitations that are supposed to be enforced via > > > the login.conf mechanism do really work... > > > > > > In particular, i have tried (on 3.1 something, but don't think that > > > current is much different in this respect) to enforce the daily etc. > > > login times but the system seems to ignore them. > > > > > > I think /etc/login.conf is properly parsed, because if i assign a user > > > to a class that is not defined in login.conf i get complaints, but > > > other than that i am unable to limit login time... > > > > > > Any hints ? > > > > That's also my impression. I glipmsed the whole source tree and I couldn't > > find any place where the limits are enforced. BTW. what entity should > > enforce login time limits? Kernel? Some user-space daemon? > > > > To report a login.conf success, i've used on a 2.2.8 system the > "cputime" ressource limit. I set it to zero and that worked very > well. So may be only some limits are implemented ? > If you'd like to see where the ones which are implemented are implemented, look at the process context-switch routines in the kernel. Not having checked, but guessing, I bet login reads login.conf as a db and uses the values to set rlimits, which is where they would be set. > Stephane Legrand. > > -- > stephane.legr...@wanadoo.fr : http://perso.wanadoo.fr/stephane.legrand/ > FreeBSD Francophone : http://www.freebsd-fr.org/ > > > To Unsubscribe: send mail to majord...@freebsd.org > with "unsubscribe freebsd-current" in the body of the message > Brian Feldman_ __ ___ ___ ___ ___ gr...@unixhelp.org_ __ ___ | _ ) __| \ FreeBSD: The Power to Serve! _ __ | _ \ _ \ |) | http://www.freebsd.org _ |___)___/___/ To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
On Sat, 24 Apr 1999, Stephane Legrand wrote: > > That's also my impression. I glipmsed the whole source tree and I couldn't > > find any place where the limits are enforced. BTW. what entity should > > enforce login time limits? Kernel? Some user-space daemon? > > > > To report a login.conf success, i've used on a 2.2.8 system the > "cputime" ressource limit. I set it to zero and that worked very > well. So may be only some limits are implemented ? You're right, this part works. However, I was talking about login time (which is how long can user be logged on to the system), which isn't checked anywhere. Andrzej Bialecki // WebGiro AB, Sweden (http://www.webgiro.com) // --- // -- FreeBSD: The Power to Serve. http://www.freebsd.org // --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
Andrzej Bialecki writes: > On Fri, 23 Apr 1999, Luigi Rizzo wrote: > > > Hi, > > > > i was wondering if the limitations that are supposed to be enforced via > > the login.conf mechanism do really work... > > > > In particular, i have tried (on 3.1 something, but don't think that > > current is much different in this respect) to enforce the daily etc. > > login times but the system seems to ignore them. > > > > I think /etc/login.conf is properly parsed, because if i assign a user > > to a class that is not defined in login.conf i get complaints, but > > other than that i am unable to limit login time... > > > > Any hints ? > > That's also my impression. I glipmsed the whole source tree and I couldn't > find any place where the limits are enforced. BTW. what entity should > enforce login time limits? Kernel? Some user-space daemon? > To report a login.conf success, i've used on a 2.2.8 system the "cputime" ressource limit. I set it to zero and that worked very well. So may be only some limits are implemented ? Stephane Legrand. -- stephane.legr...@wanadoo.fr : http://perso.wanadoo.fr/stephane.legrand/ FreeBSD Francophone : http://www.freebsd-fr.org/ To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
Re: does login.conf limitations work ?
On Fri, 23 Apr 1999, Luigi Rizzo wrote: > Hi, > > i was wondering if the limitations that are supposed to be enforced via > the login.conf mechanism do really work... > > In particular, i have tried (on 3.1 something, but don't think that > current is much different in this respect) to enforce the daily etc. > login times but the system seems to ignore them. > > I think /etc/login.conf is properly parsed, because if i assign a user > to a class that is not defined in login.conf i get complaints, but > other than that i am unable to limit login time... > > Any hints ? That's also my impression. I glipmsed the whole source tree and I couldn't find any place where the limits are enforced. BTW. what entity should enforce login time limits? Kernel? Some user-space daemon? Andrzej Bialecki // WebGiro AB, Sweden (http://www.webgiro.com) // --- // -- FreeBSD: The Power to Serve. http://www.freebsd.org // --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-current" in the body of the message
