On Mon, Jul 16, 2001 at 04:33:21PM -0600, D. R. Evans wrote:
> > just tried to access the floppy with no floppy in the drive. It happens
> > quite frequently also when you do things like df or browse the /mnt/
> > directory, so the automounter tries to check if there's a disk.
> >
>
> I guess that there must be some background process(es) that cause this
> to happen, because it happens in the middle of the night, too
> (according to the log).
Maybe some cron task?
It should be periodic.
> Do you have any suggestions as to what might be a reasonable
> limits.conf file that might do the job in this case? I have 128MB of
> physical memory in the machine, and another 128MB of swap.
I never did this kind of experiment, so I'm not able to give you an
answer. Maybe 200 megs of hard limit for total virtual memory for the
user should be fine.
> And an ancillary question, in case you happen to know the answer: if a
> program is run SETUID user <x> by user <y>, is the program subject to
> the limits for <x> or for <y>? I couldn't find the answer to that
> documented anywhere.
I have two users: player and munehiro. I set this for player in
limits.conf:
player hard as 4000
No more than 4 megs (yes, I know it's really 4096 ;) ) of space.
Switching to user player shows:
[munehiro@quela munehiro]$ su - player
[player@quela player]$ ulimit -a
core file size (blocks) 0
data seg size (kbytes) unlimited
file size (blocks) unlimited
max locked memory (kbytes) unlimited
max memory size (kbytes) unlimited
open files 1024
pipe size (512 bytes) 8
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes 8191
virtual memory (kbytes) 4000
[player@quela player]$
Trying to run a memory-hungry program leads to a failure:
[player@quela player]$ xmms
xmms: error while loading shared libraries: libm.so.6: cannot load
shared object file: Cannot allocate memory
[player@quela player]$ lynx
lynx: error while loading shared libraries: libc.so.6: cannot load
shared object file: Cannot allocate memory
[player@quela player]$
But I'm allowed to run simple programs:
[player@quela player]$ ls
Desktop/ collection1.zip homm3_darkage.zip homm3_evilgood.zip mail/
nsmail/ tmp/
GNUstep/ collection2.zip homm3_deadfor.zip images/ maps/
temp/
[player@quela player]$
Want some Loki Heroes III maps? :)
Let's do an experiment:
[munehiro@quela munehiro]$ su -
Password:
[root@quela root]# chown player.player /bin/ls
[root@quela root]# chmod u+s /bin/ls
[root@quela root]# ls -la /bin/ls
-rwsr-xr-x 1 player player 44828 mar 30 16:13 /bin/ls*
[root@quela root]#
Then I set the limit to a tight one (10 k).
Now:
[munehiro@quela /]$ whoami
munehiro
[munehiro@quela /]$ ls
bin/ boot/ dev/ etc/ hd/ home/ lib/ mnt/ opt/ proc/ root/
sbin/ tmp/ usr/ var/
[munehiro@quela /]$ ls /home/munehiro
ls: /home/munehiro: Permesso negato
[munehiro@quela /]$ ls /home/player/
Desktop/ collection1.zip homm3_darkage.zip homm3_evilgood.zip mail/
nsmail/ tmp/
GNUstep/ collection2.zip homm3_deadfor.zip images/ maps/
temp/
[munehiro@quela /]$ ls -dl /home/player/
drwx------ 29 player player 4096 lug 17 18:40 /home/player//
[munehiro@quela /]$
It seems quite clear that even though ls is suid player, the limit applied
is the munehiro limit. I think this happens because the limits are set at
login time, so when a suid program runs, the suid hosting user (player in
this case) does not start any login session at all.
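An added example, not part of the original message: a resource limit is a property of the process that pam_limits configured at login, and it is inherited unchanged across exec, which is why a setuid binary runs under its caller's limits rather than its owner's. The sample limits.conf values and the function names as_limit_for and limit_in_session_of are constructed for illustration, and the login step is only simulated with ulimit -v (no privilege change takes place).

```shell
#!/bin/sh
# Constructed sample in limits.conf format: <domain> <type> <item> <value>.
# Values are illustrative (KB of address space), not from a real system.
SAMPLE_LIMITS='
# domain  type  item  value
player    hard  as    200000
munehiro  hard  as    400000
'

# Print the hard "as" (address space) value configured for user $1,
# or "unlimited" when the sample has no matching entry.
as_limit_for() {
    printf '%s\n' "$SAMPLE_LIMITS" | awk -v u="$1" '
        $1 == u && $2 == "hard" && $3 == "as" { v = $4 }
        END { print (v == "" ? "unlimited" : v) }'
}

# Simulate a login session for user $1: apply that user's limit to a
# subshell (what pam_limits does once, at session start), then exec a new
# program and print the virtual-memory limit that program actually sees.
limit_in_session_of() {
    lim=$(as_limit_for "$1")
    (
        [ "$lim" = unlimited ] || ulimit -v "$lim" || exit 1
        # The exec'd child consults no configuration file; it simply
        # inherits RLIMIT_AS from the process that started it.
        sh -c 'ulimit -v'
    )
}

# A binary started from munehiro's session sees munehiro's limit, whoever
# owns the file; player's entry only matters to sessions player logs into.
for u in munehiro player; do
    echo "session of $u -> child sees $(limit_in_session_of "$u") KB"
done
```

To audit a real host, compare `ulimit -v` inside each account's login shell against its limits.conf entry; file ownership and the setuid bit of the binaries being run do not enter into it.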