Re: [Vserver] pam rlimits
On Sat, Jul 01, 2006 at 01:30:07PM +0300, Nikolay Kichukov wrote: Thanks Ben, That solves the error reporting. Are those limits only set outside of the guest and do they not apply per guest basis? the problem is more that the pam inside the guest tries to exceed given limits from the host Thanks, -Nik On Thu, 2006-06-15 at 11:08 -0400, Benoît des Ligneris wrote: Hello, Quick and dirty solution : you can edit the files that refer to pam_limits.so in your /etc/pam.d/ Generally, system-auth is concerned. You simply have to comment the line that refers to pam_limits #session required pam_limits.so The cause of the problem is that pam_limits try to set limits that are already sets _outside_ of the guest. If you want to play with the limits sets, you can modifiy /etc/security/limits.conf of the guest... [ All this was tested on a Mandriva guest but it sould be similar for other systems ] Ben Nikolay Kichukov a écrit : Hello everybody, I found out in thread http://list.linux-vserver.org/archive/vserver/msg10043.html that Thorsten Gunkel was having the same issue I experience right now with pam limits generating a lot of error output in the auth.log file on the guest. /var/log/auth.log : snip... Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 this means, it is trying to set rlimit #12 to unlimited (-1,-1) which very likely already got a limit from the host Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 same for limits #6,#8 and #11 HTH, Herbert Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for user psycho by (uid=0) Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn
Re: [Vserver] pam rlimits
Thanks Ben, That solves the error reporting. Are those limits only set outside of the guest and do they not apply per guest basis? Thanks, -Nik On Thu, 2006-06-15 at 11:08 -0400, Benoît des Ligneris wrote: Hello, Quick and dirty solution : you can edit the files that refer to pam_limits.so in your /etc/pam.d/ Generally, system-auth is concerned. You simply have to comment the line that refers to pam_limits #session required pam_limits.so The cause of the problem is that pam_limits try to set limits that are already sets _outside_ of the guest. If you want to play with the limits sets, you can modifiy /etc/security/limits.conf of the guest... [ All this was tested on a Mandriva guest but it sould be similar for other systems ] Ben Nikolay Kichukov a écrit : Hello everybody, I found out in thread http://list.linux-vserver.org/archive/vserver/msg10043.html that Thorsten Gunkel was having the same issue I experience right now with pam limits generating a lot of error output in the auth.log file on the guest. /var/log/auth.log : snip... Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for user psycho by (uid=0) Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #11 to
Re: [Vserver] pam rlimits
Hello, Quick and dirty solution : you can edit the files that refer to pam_limits.so in your /etc/pam.d/ Generally, system-auth is concerned. You simply have to comment the line that refers to pam_limits #session required pam_limits.so The cause of the problem is that pam_limits try to set limits that are already sets _outside_ of the guest. If you want to play with the limits sets, you can modifiy /etc/security/limits.conf of the guest... [ All this was tested on a Mandriva guest but it sould be similar for other systems ] Ben Nikolay Kichukov a écrit : Hello everybody, I found out in thread http://list.linux-vserver.org/archive/vserver/msg10043.html that Thorsten Gunkel was having the same issue I experience right now with pam limits generating a lot of error output in the auth.log file on the guest. /var/log/auth.log : snip... Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for user venkas by (uid=0) Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for user psycho by (uid=0) Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for user o2crew by (uid=0) Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0 Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #12 to