Your message dated Mon, 2 Mar 2009 13:51:33 -0800
with message-id <[email protected]>
and subject line Re: Bug#515673: libpam-modules: limits set in
/etc/security/limits.conf are ignored
has caused the Debian Bug report #515673,
regarding libpam-modules: limits set in /etc/security/limits.conf are ignored
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
515673: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515673
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-modules
Version: 1.0.1-5
Severity: important
When the custom limit of resources for user or group is set in
/etc/security/limits.conf,
it is ignored at user login.
Foe example, we need to increase the number of open files for the user.
We add this line to the config file:
user hard nofile 4096
The limit is default:
# ulimit -n
1024
Now we change user:
#su - user
user@:~$ ulimit -n
1024
So, there is no way to increase this limit for a user.
In etch there was a way to set ulimit in the root shell and then su
into this user.
Now this is fixed and the limits are reset when user is changed.
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_UA.UTF-8, LC_CTYPE=ru_UA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libpam-modules depends on:
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [
ii libpam0g 1.0.1-5 Pluggable Authentication Modules l
ii libselinux1 2.0.65-5 SELinux shared libraries
libpam-modules recommends no packages.
libpam-modules suggests no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
tags 515673 -confirmed
thanks
On Mon, Feb 16, 2009 at 11:41:08PM -0800, Steve Langasek wrote:
> On Mon, Feb 16, 2009 at 10:32:09PM +0200, Sasha Martsinuk wrote:
> > When the custom limit of resources for user or group is set in
> > /etc/security/limits.conf,
> > it is ignored at user login.
> > Foe example, we need to increase the number of open files for the user.
> > We add this line to the config file:
> > user hard nofile 4096
> > The limit is default:
> > # ulimit -n
> > 1024
> > Now we change user:
> > #su - user
> > user@:~$ ulimit -n
> > 1024
> > So, there is no way to increase this limit for a user.
> > In etch there was a way to set ulimit in the root shell and then su
> > into this user.
> > Now this is fixed and the limits are reset when user is changed.
> Yes, unfortunately I can confirm this bug, which has also been reported
> in Ubuntu just a few days ago at
> <https://bugs.launchpad.net/ubuntu/+source/pam/+bug/327597>.
> It's a bug in a Debian-specific patch, which was recently changed to fix a
> previous bug, that initializing the limit to RLIM_INFINITY would throw
> warnings. We need to fix this to set "sensible" hard and soft limits for
> nofile. RLIM_INFINITY is not such a value; the value of
> /proc/sys/fs/nr_open might be a reasonable hard limit, though not a
> reasonable default soft limit.
I've dug into this now and found that this isn't a PAM bug at all.
Your test shows that you're setting the hard limit in limits.conf. But
'ulimit -n' doesn't check the hard limit, it checks the soft limit.
Run 'ulimit -H -n' to compare. If I set up a user with 'user hard nofile
4096' and su to that user, the soft limit (ulimit -n; ulimit -S -n) is left
alone as expected, and the hard limit (ulimit -H -n) is raised as expected.
If you want to also raise the soft limit (i.e., the limit currently applied
to the process, as distinct from the maximum value the user is allowed to
set the limit to), you should also set 'user soft nofile 4096' in
limits.conf.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[email protected] [email protected]
--- End Message ---
