subject:"login.conf question"

login.conf question

2000-04-13 Thread James Halstead


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hey out there!
This is my first time doing someting like an i am having problems
with one part. The session limit does not seem to be working. My
understanding was that this was a hard limit for the number of
simutanious logins a person may have. I created a test account and
was able to have 6 logins open even though the limit is set to 4.
Also I am curious if i set the idletime and warntime right, and if i
need to have the accounting enabled in order for things to work. 

thanks for any help.

James

-  begin login.conf 

# login.conf - login class capabilities database.
# After each edit don't forget to run:
# cap_mkdb /etc/login.conf

#defaults - defaults for all users except root
# NOTE: default gives no recource limits!!

default:\
 :cputime=unlimited:\
 :filesize=unlimited:\
 :datasize=unlimited:\
 :stacksize=unlimited:\
 :coredumpsize=unlimited:\
 :memoryuse=unlimited:\
 :memorylocked=unlimited:\
 :maxproc=unlimited:\
 :openfiles=unlimited:\
 :manpath=/usr/share/man /usr/local/man:\
 :nologin=/var/run/nologin:\
 :path=~/bin /usr/local/bin /usr/bin /bin:\
 :priority=0:\
 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
 :term=vt100:\
 :umask=022:\
 :welcome=/etc/motd:\
 :minpasswordlen=8:\
 :copyright=/etc/COPYRIGHT:\
 :idletime=unlimited:\
 :sessionlimit=unlimited:

#root - make absolutly sure root can do anything.
root:\
 :ignorenologin:\
 :umask=077:\
 :tc=default:
 
#cstudent - limit the recources for c class students.
cstudent:\
 :accounted:\
 :cputime=1h:\
 :filesize=5m:\
 :datasize=10m:\
 :stacksize=10k:\
 :coredumpsize=1m:\
 :memoryuse=10m:\
 :memorylocked=5m:\
 :maxproc=12:\
 :openfiles=20:\
 :requirehome:\
 :umask=077:\
 :sessionlimit=4:\
 :idletime=3h:\
 :warntime=2h45m:\
 :tc=default:

#cprof - give the prof a little more leeway to work with.
cprof:\
 :cputime=1h30m:\
 :datasize=15m:\
 :stacksize=1m:\
 :coredumpsize=2m:\
 :memoryuse=15m:\
 :memorylocked=10m:\
 :maxproc=20:\
 :openfiles=20:\
 :requirehome:\
 :umask=077:\
 :tc=default:

#superuser - more powerful accounts, but not root powerful.
superuser:\
 :ignorenologin:\
 :umask=077:\
 :tc=default:\

daemon:\
 :tc=default:

news:\
 :tc=default:

dialer:\
 :tc=default:

-  end login.conf 
- ---
For my public key please visit:
http://www.dreamscape.com/halstead/jh.asc
- ---

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use 

iQA/AwUBOPZ62SdhQGc59hmGEQIg6gCg2LHCsV7DxykNmA5wfu7cZ+BI0C0AoKeg
CxHDm0zb7FCrBzoTZRv/vIww
=DFqR
-END PGP SIGNATURE-




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: login.conf question

2000-04-13 Thread Bhishan Hemrajani


Alright, a couple things come to mind here.

1. Did you make the database? (# cap_mkdb /etc/login.conf)
2. Did you add the user to the class (# chfn user)
   (and then put the class name in the class field)
3. If you did do that, login as the user (not su), and
   type "limit" and give me an output.

--bhishan

[Internal error while calling pgp, raw data follows]
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> hey out there!
> This is my first time doing someting like an i am having problems
> with one part. The session limit does not seem to be working. My
> understanding was that this was a hard limit for the number of
> simutanious logins a person may have. I created a test account and
> was able to have 6 logins open even though the limit is set to 4.
> Also I am curious if i set the idletime and warntime right, and if i
> need to have the accounting enabled in order for things to work. 
> 
> thanks for any help.
> 
> James
> 
> -  begin login.conf 
> 
> # login.conf - login class capabilities database.
> # After each edit don't forget to run:
> # cap_mkdb /etc/login.conf
> 
> #defaults - defaults for all users except root
> # NOTE: default gives no recource limits!!
> 
> default:\
>  :cputime=unlimited:\
>  :filesize=unlimited:\
>  :datasize=unlimited:\
>  :stacksize=unlimited:\
>  :coredumpsize=unlimited:\
>  :memoryuse=unlimited:\
>  :memorylocked=unlimited:\
>  :maxproc=unlimited:\
>  :openfiles=unlimited:\
>  :manpath=/usr/share/man /usr/local/man:\
>  :nologin=/var/run/nologin:\
>  :path=~/bin /usr/local/bin /usr/bin /bin:\
>  :priority=0:\
>  :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
>  :term=vt100:\
>  :umask=022:\
>  :welcome=/etc/motd:\
>  :minpasswordlen=8:\
>  :copyright=/etc/COPYRIGHT:\
>  :idletime=unlimited:\
>  :sessionlimit=unlimited:
> 
> #root - make absolutly sure root can do anything.
> root:\
>  :ignorenologin:\
>  :umask=077:\
>  :tc=default:
>  
> #cstudent - limit the recources for c class students.
> cstudent:\
>  :accounted:\
>  :cputime=1h:\
>  :filesize=5m:\
>  :datasize=10m:\
>  :stacksize=10k:\
>  :coredumpsize=1m:\
>  :memoryuse=10m:\
>  :memorylocked=5m:\
>  :maxproc=12:\
>  :openfiles=20:\
>  :requirehome:\
>  :umask=077:\
>  :sessionlimit=4:\
>  :idletime=3h:\
>  :warntime=2h45m:\
>  :tc=default:
> 
> #cprof - give the prof a little more leeway to work with.
> cprof:\
>  :cputime=1h30m:\
>  :datasize=15m:\
>  :stacksize=1m:\
>  :coredumpsize=2m:\
>  :memoryuse=15m:\
>  :memorylocked=10m:\
>  :maxproc=20:\
>  :openfiles=20:\
>  :requirehome:\
>  :umask=077:\
>  :tc=default:
> 
> #superuser - more powerful accounts, but not root powerful.
> superuser:\
>  :ignorenologin:\
>  :umask=077:\
>  :tc=default:\
> 
> daemon:\
>  :tc=default:
> 
> news:\
>  :tc=default:
> 
> dialer:\
>  :tc=default:
> 
> -  end login.conf 
> - ---
> For my public key please visit:
> http://www.dreamscape.com/halstead/jh.asc
> - ---
> 
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 6.5.1 for non-commercial use 
> 
> iQA/AwUBOPZ62SdhQGc59hmGEQIg6gCg2LHCsV7DxykNmA5wfu7cZ+BI0C0AoKeg
> CxHDm0zb7FCrBzoTZRv/vIww
> =DFqR
> -END PGP SIGNATURE-
> 
> 
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
> 
[End of raw data]



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: login.conf question

2000-04-14 Thread Bhishan Hemrajani


Instead of using sessionlimit, why don't you limit the number of processes.

That way, the number of shells that they can have is limited also.

--bhishan

> 
> That might make sence at first, but that should still keep one person from
> logging in more than 4 times. Also i tested the session time and that is
> not working either so that makes me think there is something else i am
> missing.
> 
> Besides the maxproc will pretty much limit them anyway ;) although that
> might make for more questions about why they can't run any programs when
> they have too many logins. Owell, I have yet to have anybody actually try
> to log in that many times. 
> 
> Perhaps there is something else i am forgetting to enable this? maby a
> kernal option or sysctl?
> 
>  On Thu, 13 Apr 2000, Bhishan
> Hemrajani wrote:
> 
> > >From "man login.conf":
> >  sessiontime   timeMaximum login time per session.
> >  sessionlimit  number  Maximum number of concurrent login
> >sessions on ttys in any group.
> > 
> > It seems here that session limit is on a per group basis.
> > 
> > Try making a couple users, then logging in with each of those users.
> > I think that's what it might be limiting.
> > 
> > --bhishan
> > 
> > [Charset iso-8859-1 unsupported, filtering to ASCII...]
> > > Bhishan Hemrajani wrote:
> > > 
> > > 
> > > > Alright, a couple things come to mind here.
> > > >
> > > > 1. Did you make the database? (# cap_mkdb /etc/login.conf)
> > > 
> > > Yes i made sure to do this ;)
> > > 
> > > > 2. Did you add the user to the class (# chfn user)
> > > >(and then put the class name in the class field)
> > > 
> > > also yes (chpass)
> > > 
> > > > 3. If you did do that, login as the user (not su), and
> > > >type "limit" and give me an output.
> > > 
> > > % limit
> > > cputime 1:00:00
> > > filesize5120 kbytes
> > > datasize10240 kbytes
> > > stacksize   10 kbytes
> > > coredumpsize1024 kbytes
> > > memoryuse   10240 kbytes
> > > memorylocked5120 kbytes
> > > maxproc 12
> > > openfiles   20
> > > 
> > > that's odd, it dosn't mention the session limits. I knew that the other
> > > limits worked, I tested them with a forkbomb, a mallocbomb and an infinitly
> > > recursive program just to see what would happen. fork and malloc failed
> > > expectedly and the infinit recursion segfaults after about 5400 recursions.
> > > 
> > > Unless there is a problem with my login.conf or there is an option somewhere
> > > that i have to enable I don't know why the sessionlimit and idletime don't
> > > work (although i haven't tested the idletime)
> > > 
> > > >
> > > > --bhishan
> > > > >
> > > > > hey out there!
> > > > > This is my first time doing someting like an i am having problems
> > > > > with one part. The session limit does not seem to be working. My
> > > > > understanding was that this was a hard limit for the number of
> > > > > simutanious logins a person may have. I created a test account and
> > > > > was able to have 6 logins open even though the limit is set to 4.
> > > > > Also I am curious if i set the idletime and warntime right, and if i
> > > > > need to have the accounting enabled in order for things to work.
> > > > >
> > > > > thanks for any help.
> > > > >
> > > > > James
> > > > >
> > > > > -  begin login.conf 
> > > > >
> > > > > # login.conf - login class capabilities database.
> > > > > # After each edit don't forget to run:
> > > > > # cap_mkdb /etc/login.conf
> > > > >
> > > > > #defaults - defaults for all users except root
> > > > > # NOTE: default gives no recource limits!!
> > > > >
> > > > > default:\
> > > > >  :cputime=unlimited:\
> > > > >  :filesize=unlimited:\
> > > > >  :datasize=unlimited:\
> > > > >  :stacksize=unlimited:\
> > > > >  :coredumpsize=unlimited:\
> > > > >  :memoryuse=unlimited:\
> > > > >  :memorylocked=unlimited:\
> > > > >  :maxproc=unlimited:\
> > > > >  :openfiles=unlimited:\
> > > > >  :manpath=/usr/share/man /usr/local/man:\
> > > > >  :nologin=/var/run/nologin:\
> > > > >  :path=~/bin /usr/local/bin /usr/bin /bin:\
> > > > >  :priority=0:\
> > > > >  :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
> > > > >  :term=vt100:\
> > > > >  :umask=022:\
> > > > >  :welcome=/etc/motd:\
> > > > >  :minpasswordlen=8:\
> > > > >  :copyright=/etc/COPYRIGHT:\
> > > > >  :idletime=unlimited:\
> > > > >  :sessionlimit=unlimited:
> > > > >
> > > > > #root - make absolutly sure root can do anything.
> > > [snip]
> > > cstudent is the class that i am working with
> > > > > #cstudent - limit the recources for c class students.
> > > > > cstudent:\
> > > > >  :accounted:\
> > > > >  :cputime=1h:\
> > > > >  :filesize=5m:\
> > > > >  :datasize=10m:\
> > > > >  :stacksize=10k:\
> > > > >  :coredumpsize=1m:\
> > > > >  :memoryuse=10m:\
> > > > >  :memorylocked=5m:\
> > > > >  :maxproc=12:\
> > > > >  :openfiles=20:\
> > > > >  :requirehome:\
> > > > >  :umask

Re: login.conf question

2000-04-14 Thread James Halstead


Actually I tested this theory (all with remote logins, not sued) and it let
me login 13 times (maxproc set to 12) however once i hit the 11'th login it
made all the logins useless. Anytime i tried to run a process I got an error
from bash that it could not fork. After the 11'th login i got this error
when i logged on but still gives me the shell prompt, although i could not
do anything.

So apparently even with the maxproc limit, the login is allowed to su to the
user making them over their limit. This is where the sesssion limit should
take place making it harder for the user to hit the maxproc limit by logging
in to many times. the bash fork error may confuse some of my users where a
friendly "too many logins" is easy to under stand.


Bhishan Hemrajani wrote:


> Instead of using sessionlimit, why don't you limit the number of
processes.
>
> That way, the number of shells that they can have is limited also.
>
> --bhishan
>
> >
> > That might make sence at first, but that should still keep one person
from
> > logging in more than 4 times. Also i tested the session time and that is
> > not working either so that makes me think there is something else i am
> > missing.
> >
> > Besides the maxproc will pretty much limit them anyway ;) although that
> > might make for more questions about why they can't run any programs when
> > they have too many logins. Owell, I have yet to have anybody actually
try
> > to log in that many times.
> >
> > Perhaps there is something else i am forgetting to enable this? maby a
> > kernal option or sysctl?
> >
> >  On Thu, 13 Apr 2000, Bhishan
> > Hemrajani wrote:
> >
> > > >From "man login.conf":
> > >  sessiontime   timeMaximum login time per
session.
> > >  sessionlimit  number  Maximum number of
concurrent login
> > >sessions on ttys in any
group.
> > >
> > > It seems here that session limit is on a per group basis.
> > >
> > > Try making a couple users, then logging in with each of those users.
> > > I think that's what it might be limiting.
> > >
> > > --bhishan
> > >
> > > [Charset iso-8859-1 unsupported, filtering to ASCII...]
> > > > Bhishan Hemrajani wrote:
> > > >
> > > >
> > > > > Alright, a couple things come to mind here.
> > > > >
> > > > > 1. Did you make the database? (# cap_mkdb /etc/login.conf)
> > > >
> > > > Yes i made sure to do this ;)
> > > >
> > > > > 2. Did you add the user to the class (# chfn user)
> > > > >(and then put the class name in the class field)
> > > >
> > > > also yes (chpass)
> > > >
> > > > > 3. If you did do that, login as the user (not su), and
> > > > >type "limit" and give me an output.
> > > >
> > > > % limit
> > > > cputime 1:00:00
> > > > filesize5120 kbytes
> > > > datasize10240 kbytes
> > > > stacksize   10 kbytes
> > > > coredumpsize1024 kbytes
> > > > memoryuse   10240 kbytes
> > > > memorylocked5120 kbytes
> > > > maxproc 12
> > > > openfiles   20
> > > >
> > > > that's odd, it dosn't mention the session limits. I knew that the
other
> > > > limits worked, I tested them with a forkbomb, a mallocbomb and an
infinitly
> > > > recursive program just to see what would happen. fork and malloc
failed
> > > > expectedly and the infinit recursion segfaults after about 5400
recursions.
> > > >
> > > > Unless there is a problem with my login.conf or there is an option
somewhere
> > > > that i have to enable I don't know why the sessionlimit and idletime
don't
> > > > work (although i haven't tested the idletime)
> > > >
> > > > >
> > > > > --bhishan
> > > > > >
> > > > > > hey out there!
> > > > > > This is my first time doing someting like an i am having
problems
> > > > > > with one part. The session limit does not seem to be working. My
> > > > > > understanding was that this was a hard limit for the number of
> > > > > > simutanious logins a person may have. I created a test account
and
> > > > > > was able to have 6 logins open even though the limit is set to
4.
> > > > > > Also I am curious if i set the idletime and warntime right, and
if i
> > > > > > need to have the accounting enabled in order for things to work.
> > > > > >
> > > > > > thanks for any help.
> > > > > >
> > > > > > James
> > > > > >
> > > > > > -  begin login.conf 
> > > > > >
> > > > > > # login.conf - login class capabilities database.
> > > > > > # After each edit don't forget to run:
> > > > > > # cap_mkdb /etc/login.conf
> > > > > >
> > > > > > #defaults - defaults for all users except root
> > > > > > # NOTE: default gives no recource limits!!
> > > > > >
> > > > > > default:\
> > > > > >  :cputime=unlimited:\
> > > > > >  :filesize=unlimited:\
> > > > > >  :datasize=unlimited:\
> > > > > >  :stacksize=unlimited:\
> > > > > >  :coredumpsize=unlimited:\
> > > > > >  :memoryuse=unlimited:\
> > > > > >  :memorylocked=unlimited:\
> > > > > >  :maxproc=unlimited:\
> > > > > >  :openfiles=unlimited:\
> >

login.conf question

Re: login.conf question

Re: login.conf question

Re: login.conf question

4 matches

Site Navigation

Mail list logo

Footer information