----- Original Message -----
From: "Philip Van Hoof" <[EMAIL PROTECTED]>
To: "Steven Lawrance" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 04, 2001 10:09 AM
Subject: Re: [Cooker] Nothing about Linux, but it's too nice!!! [WAS: weird
Windows 2000/XP bug]
>
> On 2001.11.04 16:57 Steven Lawrance wrote:
> > I'll have to look into ulimit through PAM :-). Thanks for the info
:-)!!
>
> For ulimit, you will have to check the information of bash. Since ulimit
> is a bash-thing. (man bash+/+ulimit). ulimit is for the processes forked
> by bash only I think, while PAM is system wide. So if you have a lot
> users with all different "limits"; I think ulimit is the best choice,
> else use PAM. But I guess other people on this list have better
suggestions
> about this one. I am not sure about this one; but I think that if the
> user changes his shell, that the ulimit (which you set at one of the
> startup scripts) will not be set. So you must also make it impossible
> for that user to change his shell (chmod -s /usr/bin/chsh).
While ulimit is a shell built-in command under bash and other shells, the
shells themselves have nothing to do with enforcing the limits set by these
commands. These built-in commands are just an interface to the resource
limit routines 'getrlimit() and setrlimit(). The kernel ends up doing the
enforcing of these limits. Exec'ing another shell or using a sub-processes
to circumvent the limits will not work.
See the setrlimit and getrlimit man pages for more info. Setting these
limits is a good thing on machines that allow multiple user logins since
beginning programmers tend to write code with 'while (1) { fork(); } '
without even knowing it sometimes ;-)
I did not know that pam had a resource limit type function, I will have to
check that out!
<snip>
