On Thu, Dec 28, 2006 at 04:11:52PM +0100, Dr. Markus Waldeck wrote:
> Package: libpam-modules
> Version: 0.79-4
> Severity: important

> Unprivileged users have a file descriptor limit of 64.
> This is configured in my /etc/security/limits.conf:
> @users hard nofile 64

> I activated the resetting of the limits in
> /etc/pam.d/su:
> session required pam_limits.so

> After the su to root I noticed that the nofile value
> was not reset to 1024 (the default value for root).

Not for lack of trying:

[...]
setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = -1 EPERM (Operation not permitted)
[...]

The kernel doesn't allow setting an unlimited number of files. This is a known issue; pam_limits includes code to suppress any logs that this failure might otherwise generate. That's the correct thing to do, because the only other option would be for pam_limits to hardcode a value of 1024; there's nothing magical about that value, it just happens to be the kernel default, and I don't see any reason that PAM should be hard-coding it.

So if you want su to reset your file limit to 1024, please add an explicit limit in /etc/security/limits.conf for this.

Leaving this bug open as there may be a need for additional documentation here.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
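
The following C program is an added example, not part of the original message and not pam_limits source. It requests an unlimited RLIMIT_NOFILE as in the trace above, records the errno, and falls back to an explicit finite value; the names `reset_nofile` and `set_nofile` are hypothetical, and 1024 is the value mentioned in the thread.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

/* Outcome of one reset attempt (hypothetical helper type for this example). */
struct nofile_reset {
    int unlimited_errno;  /* 0 if RLIM_INFINITY was accepted, else errno */
    int applied;          /* 1 if some limit was successfully set */
    rlim_t soft, hard;    /* limits in force afterwards */
};

/* Set both soft and hard RLIMIT_NOFILE to v; return 0 or errno. */
static int set_nofile(rlim_t v)
{
    struct rlimit rl = { .rlim_cur = v, .rlim_max = v };
    return setrlimit(RLIMIT_NOFILE, &rl) == 0 ? 0 : errno;
}

/* Ask for "unlimited" first, as in the trace; if that is refused, apply an
 * explicit finite value. A process that may not raise its hard limit gets
 * EPERM for that too when the value exceeds it, so clamp to the hard limit. */
struct nofile_reset reset_nofile(rlim_t explicit_value)
{
    struct nofile_reset r = {0};
    struct rlimit now;

    r.unlimited_errno = set_nofile(RLIM_INFINITY);
    if (r.unlimited_errno == 0)
        r.applied = 1;
    else if (set_nofile(explicit_value) == 0)
        r.applied = 1;
    else if (getrlimit(RLIMIT_NOFILE, &now) == 0 && set_nofile(now.rlim_max) == 0)
        r.applied = 1;

    if (getrlimit(RLIMIT_NOFILE, &now) == 0) {
        r.soft = now.rlim_cur;
        r.hard = now.rlim_max;
    }
    return r;
}

int main(void)
{
    struct nofile_reset r = reset_nofile(1024);  /* 1024: value named in the thread */
    printf("unlimited request: errno=%d (EPERM=%d)\n", r.unlimited_errno, EPERM);
    printf("nofile now soft=%llu hard=%llu\n",
           (unsigned long long)r.soft, (unsigned long long)r.hard);
    return r.applied ? 0 : 1;
}
```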