Jonathan Woithe <[EMAIL PROTECTED]> writes:

> Spurred on by your comments and the fact I unexpectedly found myself with a
> little free time overnight, I have addressed the issues with the group
> support in set_rtlimits. Group and user name spaces are now treated
> separately, with groupnames starting with a @ character. Furthermore, a
> user's supplementary group list is now scanned for a match (they are
> correctly propagated to a setuid binary, at least under Linux), making the
> group support more useful for people in general. I also took the
> opportunity to improve the clarity of some error messages.

That's great, thanks!

>> Your program is quite useful and timely. Given the difficulty of
>> patching and then configuring PAM, I expect very few users to use the
>> new rlimits effectively until those changes have percolated down into
>> widely-available distributions.
>
> Indeed, and there are some which won't use PAM at all. :-)

> Another thing I'm pondering is adding support for setting the memlock limit
> for selected binaries; this way a user doesn't have to be granted large
> memlock limits in general just so they can run one or two apps which need
> it. If this happens I might rename set_rtlimits to set_rlimits since this
> change would make it more general than just dealing with realtime limits.
> Would this be useful for people?

Good idea. It's really just another different kind of realtime limit.
Some people would want to control it separately from scheduling, I think.
--
joq
