John,
Do you mean to do away with limits in GNU linux on the basis that it is
weak security ?
Nobody I know has ever claimed it was anything but weak security. As you
point
out as security goes, it does not get you very far beyond keeping yr
box(es) a little
under control when they are at
I really did not intend my suggestion to be a thermonuclear device.
I take yr comments seriously though; you have a point. That said, the
(perhaps weak) rationale behind introducing "group negation" in the
`pam_limits`
syntax is certainly not muddying waters, but rather change default
values
On 02/27/2016 04:06 PM, Ralf Mardorf wrote:
> #
> @foo softnproc 20
> @foo hardnproc 50
>
> Every user who is _not_ in the group "foo", simply is _not_ in
> this group, it makes completely no sense to introduce a negation of
> being
#
@foo softnproc 20
@foo hardnproc 50
Every user who is _not_ in the group "foo", simply is _not_ in
this group, it makes completely no sense to introduce a negation of
being in a group, since the negation is already not being member
Lately I've been exploring how to harden an Ubuntu OS against possible
external attacks.
I am still at the level of basic recipes, but I noticed one tiny thing,
that I consider unwieldy...
Looking at "limits" for users on a system, I noticed that to configure
the pam_limits module