> >> Your group support is not very useful, yet, because it only checks the
> >> current group.
> >
> > True, but group support wasn't really my prime objective at this point in
> > time (see below).
>
> That's what I figured. Sorry to sound overly critical. I should have
> framed my comments in a positive context.

Hey, no problem.

Spurred on by your comments and the fact I unexpectedly found myself with a little free time overnight, I have addressed the issues with the group support in set_rtlimits. Group and user name spaces are now treated separately, with groupnames starting with a @ character. Furthermore, a user's supplementary group list is now scanned for a match (they are correctly propagated to a setuid binary, at least under Linux), making the group support more useful for people in general. I also took the opportunity to improve the clarity of some error messages.

Set_rtlimits 1.1.0 can be downloaded using the URL
  http://www.physics.adelaide.edu.au/~jwoithe/set_rtlimits-1.1.0.tgz

Set_rtlimits is now also linked on my homepage at
  http://www.physics.adelaide.edu.au/~jwoithe
in the "Linux things" section.

> Your program is quite useful and timely. Given the difficulty of
> patching and then configuring PAM, I expect very few users to use the
> new rlimits effectively until those changes have percolated down into
> widely-available distributions.

Indeed, and there are some which won't use PAM at all.

> My comments were intended to encourage further development of this
> useful program, not to come across as harsh and critical.

No problem - sorry if I came across as annoyed. Constructive comments and suggestions are always welcome.

Another thing I'm pondering is adding support for setting the memlock limit for selected binaries; this way a user doesn't have to be granted large memlock limits in general just so they can run one or two apps which need it. If this happens I might rename set_rtlimits to set_rlimits since this change would make it more general than just dealing with realtime limits. Would this be useful for people?

Best regards
  jonathan
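
Added example, not part of the original message and not set_rtlimits' own code: a C sketch of the matching rule described above, where an `@name` entry is resolved only as a group and checked against the caller's primary and supplementary groups, while a bare name is resolved only as a user. The function names, the lookup callbacks and the sample users and groups are assumptions constructed for illustration.

```c
#include <string.h>
#include <sys/types.h>

/* Lookups return 0 and fill *out, or -1 for an unknown name. Real code
   would wrap getpwnam() and getgrnam(). */
typedef int (*uid_lookup)(const char *name, uid_t *out);
typedef int (*gid_lookup)(const char *name, gid_t *out);
struct caller { uid_t uid; gid_t gid; const gid_t *supp; int nsupp; };

/* "@name" is resolved only as a group, a bare name only as a user. */
int principal_matches(const char *entry, const struct caller *c,
                      uid_lookup users, gid_lookup groups)
{
    uid_t u;
    gid_t g;
    if (entry[0] != '@')
        return users(entry, &u) == 0 && u == c->uid;
    if (groups(entry + 1, &g) != 0)
        return 0;                       /* unknown group: no match */
    if (g == c->gid)
        return 1;                       /* primary group */
    for (int i = 0; i < c->nsupp; i++)  /* supplementary groups */
        if (c->supp[i] == g)
            return 1;
    return 0;
}

/* Constructed databases: user "audio" (uid 1001) and group "audio"
   (gid 29) deliberately share a name. */
int demo_uid(const char *n, uid_t *out)
{
    if (strcmp(n, "jack") == 0)  { *out = 1000; return 0; }
    if (strcmp(n, "audio") == 0) { *out = 1001; return 0; }
    return -1;
}
int demo_gid(const char *n, gid_t *out)
{
    if (strcmp(n, "users") == 0) { *out = 100; return 0; }
    if (strcmp(n, "audio") == 0) { *out = 29; return 0; }
    return -1;
}

/* Constructed caller jack: uid 1000, gid 100, optionally also in gid 29. */
int demo_match(const char *entry, int with_supp)
{
    static const gid_t supp[] = { 29 };
    struct caller c = { 1000, 100, supp, with_supp ? 1 : 0 };
    return principal_matches(entry, &c, demo_uid, demo_gid);
}
```

With the shared name "audio", the entry `audio` matches only the user of that name and `@audio` only members of the group, so granting a group never grants a like-named user by accident.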
