Re: Feature request: module [pam_limits]

Tue, 01 Mar 2016 02:07:35 -0800 

I really did not intend my suggestion to be a thermonuclear device.
I take yr comments seriously though; you have a point. That said, the
(perhaps weak) rationale behind introducing "group negation" in the `pam_limits` syntax is certainly not muddying waters, but rather change default values for all 
groups but the "negated" one. The same applies to users.
(I noticed yr comments only focused on groups. Does it mean you would second 
the feature request for syntax applying to users ?)

Perhaps that makes no sense to some/most/you, but I would consider it handy
and an alternative to group range limit specification, around a specific group, whose 
limit(s) you don't want to change.
As it stands, the existing pam_limits syntax allows us to express everything. 
I suggest an alternate way of expressing things in certain cases where
blanket rules introduces concision. It may not conform to the spirit or the habits 
of devs, perhaps breaking a rule unknown to me, along the lines of:
"You shan't provide alternative syntax to something that has one and ain't broken." 
But that I don't know. I am just a user, not a dev.
If this was not already a burial, then the community will decide. Tis all. Cheers. 
-ced


On 27/02/16 at 22:06, Ralf Mardorf wrote:

#<domain>      <type>  <item>         <value>
@foo           soft    nproc          20
@foo           hard    nproc          50

Every user who is _not_ in the group "foo", simply is _not_ in
this group, it makes completely no sense to introduce a negation of
being in a group, since the negation is already not being member of this
group.

[foo@linux ~]$ id foo
uid=1000(foo) gid=1000(foo) groups=1000(foo)

[foo@linux ~]$ id bar
uid=1001(bar) gid=1001(bar) groups=1001(bar),1000(foo)

[foo@linux ~]$ id jane_doe
uid=1002(jane_doe) gid=1002(jane_doe) groups=1002(jane_doe)

What would you gain by introducing a negation of being in a group? You
only would lose clarity?

You could set up a new group, if nobody should be in the group
"foo", but the user "foo".

#<domain>      <type>  <item>         <value>
@npgroup       soft    nproc          20
@npgroup       hard    nproc          50

[foo@linux ~]$ id foo
uid=1000(foo) gid=1000(foo) groups=1000(foo),50(npgroup)

[foo@linux ~]$ id bar
uid=1001(bar) gid=1001(bar) groups=1001(bar),50(npgroup)

[foo@linux ~]$ id jane_doe
uid=1002(jane_doe) gid=1002(jane_doe) groups=1002(jane_doe)




--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Reply via email to