Re: [Vserver] pam rlimits

Benoît des Ligneris Thu, 15 Jun 2006 08:08:25 -0700

Hello,

Quick and dirty solution : you can edit the
files that refer to pam_limits.so in your /etc/pam.d/


Generally, system-auth is concerned. You simply have to comment the line
that refers to pam_limits
#session     required      pam_limits.so

The cause of the problem is that pam_limits try to set limits that arealready sets _outside_ of the guest.


If you want to play with the limits sets, you can modifiy
/etc/security/limits.conf of the guest...

[ All this was tested on a Mandriva guest but it sould be similar forother systems ]


Ben


Nikolay Kichukov a écrit :

Hello everybody,
I found out in threadhttp://list.linux-vserver.org/archive/vserver/msg10043.html thatThorsten Gunkel was having the same issue I experience right now withpam limits generating a lot of error output in the auth.log file on theguest.
/var/log/auth.log :

snip...
Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0
Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root
Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for uservenkas by (uid=0)Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for uservenkas by (uid=0)Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for uservenkas by (uid=0)Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for userpsycho by (uid=0)Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for usero2crew by (uid=0)Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for usero2crew by (uid=0)Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for usero2crew by (uid=0)Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0
Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas
Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0
Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas
Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #11 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #12 to soft=-1,hard=-1 failed: Operation not permitted; uid=0 euid=0
snip...


I am running:
Versions:
                  Kernel: 2.6.16.11-vs2.1.1-rc19nevir
                  VS-API: 0x000100ff
            util-vserver: 0.30.210; Jun  8 2006, 11:16:27

Features:
                      CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1)
                     CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1)
                CPPFLAGS: ''
CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W-funit-at-a-time'CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W-fmessage-length=0 -funit-at-a-time'
              build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
            Use dietlibc: yes
      Build C++ programs: yes
      Build C99 programs: yes
          Available APIs: compat,v11,fscompat,v13,net,oldproc,olduts
           ext2fs Source: e2fsprogs
   syscall(2) invocation: alternative
     vserver(2) syscall#: 273/glibc

Paths:
                  prefix: /usr/local
       sysconf-Directory: /etc
           cfg-Directory: /etc/vservers
        initrd-Directory: $(sysconfdir)/init.d
      pkgstate-Directory: ${prefix}/var/run/vservers
         vserver-Rootdir: /var/lib/vservers/


How can this problem be solved?

Regards,
-Nikolay Kichukov
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


--
Benoit des Ligneris Ph. D.
President de Revolution Linux            http://www.revolutionlinux.com/
OSCAR                                 http://oscar.openclustergroup.org/
EduLinux                                        http://www.edulinux.org/

Toutes les opinions et les prises de position exprimées dans ce courriel
sont celles de son auteur et ne répresentent pas nécessairement celles
de Révolution Linux

Any views and opinions expressed in this email are solely those of the
author and do not necessarily represent those of Revolution Linux


_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] pam rlimits

Reply via email to