Package: sudo Version: 1.7.4p4-2.squeeze.2 Severity: normal
The current behavior of sudo together with user limits is broken. It did work properly on Lenny. We run a Java/Tomcat app that needs lots of file descriptors. The app is started by loggin in with a presonal user account, 'sudo'ing into an application account, then starting Tomcat. /etc/security/limits.conf: * hard nofile 64000 * soft nofile 64000 $ ssh host dg@host:~$ ulimit -n 64000 So far so good. dg@host:~$ sudo su - mn [sudo] password for dg: mn@host:~$ ulimit -n 1024 mn@host:~$ ulimit -n 64000 -su: ulimit: open files: cannot modify limit: Operation not permitted As you can see, the 'open files' limit gets lost on the user change. This was not the case with Lenny. Workaround: Add this to /etc/security/limits.conf: root hard nofile 64000 root soft nofile 64000 Now it works as it did on Lenny. I have read in some other bug report that '*' in limits.conf does not apply to 'root' in Debian. This is not true for Lenny, but that is the behavior on Squeeze. So I guess that the 'fix' for this Debian-specific behaviour actually broke sudo... (Sorry about the package, I don't know if it is a sudo bug or rather pam-whatever) Best regards, David Gubler, Doodle AG -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.39-bpo.2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sudo depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libpam-modules 1.1.1-6.1 Pluggable Authentication Modules f ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l sudo recommends no packages. sudo suggests no packages. -- Configuration Files: /etc/sudoers.d/README [Errno 13] Permission denied: u'/etc/sudoers.d/README' -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
