On Tue, Mar 12, 2002 at 12:15:26PM +0100, Russell Coker wrote: > BTW, why exactly do you need to have so many root owned processes? > > Every root owned process is a potential security hole. Is it possible to > make some of these things use non-root?
The server is running CommuniGate Pro, which must be run as root. I'm not particularly comfortable with the idea myself, but since the server is only doing email, then if somebody compromises the mail software, they have control over everything important that happens on the server anyhow. It looks like the real problem was actually the pam_limits module that is being loaded from the various pam.d configuration files. It was doing a setrlimit(RLIMIT_NPROC, 256), which resulted in it not being able to perform the various setuid/setgid calls and whatnot and then spawn the login shell. Thanks again for your help, Wayne -- Wayne A. Tucker - [EMAIL PROTECTED] Network Engineer, Donobi Inc. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
