On Thu, Dec 28, 2006 at 04:11:52PM +0100, Dr. Markus Waldeck wrote:
> Package: libpam-modules
> Version: 0.79-4
> Severity: important
> Unprivileged users have a file descriptor limit of 64.
> This is configured in my /etc/security/limits.conf:
> @users hard nofile 64
> I activated the resetting of the limits in
> /etc/pam.d/su:
> session required pam_limits.so
> After the su to root I noticed that the nofile value
> was not reset to 1024 (the default value for root).
Not for lack of trying:
[...]
setrlimit(RLIMIT_NOFILE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = -1 EPERM (Operation not permitted)
[...]
The kernel doesn't allow setting an unlimited number of files. This is a
known issue; pam_limits includes code to suppress any logs that this failure
might otherwise generate.
That's the correct thing to do, because the only other option would be for
pam_limits to hardcode a value of 1024. There's nothing magical about that
value; it just happens to be the kernel default, and I don't see any reason
that PAM should be hard-coding it.
So if you want su to reset your file limit to 1024, please add an explicit
limit in /etc/security/limits.conf for this.
Leaving this bug open as there may be a need for additional documentation
here.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
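
The failed reset discussed above, as an added example (not pam_limits code and not part of the original message): a request for an unlimited RLIMIT_NOFILE is refused, the inherited limit silently stays in effect, and only an explicit value changes it. The function names and the 1024 cap are assumptions made for the demonstration.

```c
/* Added example, not pam_limits source. Function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Set soft and hard RLIMIT_NOFILE to `want`; return 0 or the errno. */
int set_nofile(rlim_t want)
{
    struct rlimit rl = { .rlim_cur = want, .rlim_max = want };
    return setrlimit(RLIMIT_NOFILE, &rl) == 0 ? 0 : errno;
}

/* Soft RLIMIT_NOFILE currently in effect for this process. */
rlim_t get_nofile_soft(void)
{
    struct rlimit rl = { 0, 0 };
    getrlimit(RLIMIT_NOFILE, &rl);
    return rl.rlim_cur;
}

/*
 * Hypothetical session setup: with no configured value (configured == 0)
 * ask for "unlimited", as in the strace output above; otherwise apply the
 * configured value. Returns the soft limit in effect afterwards.
 */
rlim_t open_session(rlim_t configured)
{
    int err = set_nofile(configured ? configured : RLIM_INFINITY);
    if (err) /* a failed reset leaves the inherited limit untouched */
        fprintf(stderr, "setrlimit: %s; limit unchanged\n", strerror(err));
    return get_nofile_soft();
}

int main(void)
{
    rlim_t inherited = get_nofile_soft();
    /* Constructed value: never above the current soft limit, so an
       unprivileged run is permitted to apply it. */
    rlim_t configured = inherited < 1024 ? inherited : 1024;

    printf("inherited nofile:     %llu\n", (unsigned long long)inherited);
    printf("after reset attempt:  %llu\n", (unsigned long long)open_session(0));
    printf("after explicit limit: %llu\n", (unsigned long long)open_session(configured));
    return 0;
}
```

Running it under a lowered limit (for example after `ulimit -n 64` in the parent shell) shows the inherited value surviving the reset attempt, which is the behaviour reported in the bug.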