[
https://issues.apache.org/jira/browse/CASSANDRA-2169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12996240#comment-12996240
]
paul cannon commented on CASSANDRA-2169:
----------------------------------------
I grepped through jsvc's source, and I don't see any references to pam at all.
So unless the jre has some special "switch users and set up a pam session"
functionality I don't know about, jsvc isn't setting up a pam session when
switching users.
This means limits.conf (and limits.d/cassandra.conf) are useless, except in
what they define for root's resource limits.
If we want to use both limits.conf and jsvc, then hrm. Maybe we could switch
users in the initscript using /bin/su, but afaik default debian and ubuntu
systems all comment out pam_limits.so from /etc/pam.d/su , so that wouldn't
work without monkeying with users' conffiles.
We could switch users in the initscript with sudo, but it's pretty hard to be
sure the user hasn't done something funky with their sudoers file which would
break our startup.
I can only come up with 2 halfway-decent options: both involve ditching
limits.d/cassandra.conf.
1: just /bin/su in the initscript and do a 'ulimit -l unlimited' in the child
before exec'ing jsvc.
2: implement limit setting and user switching in cassandra itself. is there any
good way to do setrlimit() and setuid() in java?
> user created with debian packaging is unable to increase memlock
> ----------------------------------------------------------------
>
> Key: CASSANDRA-2169
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2169
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Reporter: Jeremy Hanna
> Priority: Minor
>
> To reproduce:
> - Install a fresh copy of ubuntu 10.04.
> - Install sun's java6 jdk.
> - Install libjna-java 3.2.7 into /usr/share/java.
> - Install cassandra 0.7.0 from the apache debian packages.
> - Start cassandra using /etc/init.d/cassandra
> In the output.log there will be the following error:
> {quote}
> Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being
> swapped out, especially with mmapped I/O enabled. Increase RLIMIT_MEMLOCK or
> run Cassandra as root.
> {quote}
> This shouldn't be as the debian package creates
> /etc/security/limits.d/cassandra.conf and sets the cassandra user's memlock
> limit to 'unlimited'.
> I tried a variety of things including making the memlock unlimited for all
> users in /etc/security/limits.conf. I was able to run cassandra using root
> with jna symbolically linked into /usr/share/cassandra from /usr/share/java,
> but I could never get the init.d script to work and get beyond that error.
> Based on all the trial and error, I think it might have to do with the
> cassandra user itself, but my debian/ubuntu fu isn't as good as others'.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
