LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   setting memlock with limits.conf (http://www.linuxquestions.org/questions/linux-security-4/setting-memlock-with-limits-conf-933836/)

isaaclw 03-10-2012 10:30 PM

setting memlock with limits.conf
 
My server is linux mint 9, and I'm trying to mount an ecryptfs partition with fstab. The comments on the bug say I need to increase my "memlock"
https://bugs.launchpad.net/ecryptfs/...31439591304282
(Comment #6, and #7)

So I've been looking at /etc/security/limits.conf to try and figure out how I can increase the memlock:
Code:

dirac ~ # cat /etc/security/limits.conf | grep -vP '^#'

*                hard        memlock                128
root                hard        memlock                128
isaac          hard    memlock        128
isaac          soft    memlock        32768

As far as I can tell, editing this file does nothing. I must be missing something.
When I log in as either root or isaac, the memlock is still 64:
Code:

dirac ~ # ulimit -l
64
isaac@dirac:/root$ ulimit -l
64

When I'm root, I can change the limit to 128, but it's only for the length of my login. When I'm 'isaac' I naturally get errors.

The man page says:
Quote:

Also, please note that all limit settings are set per login. They are not global, nor are they permanent; existing only for the duration of the session.
Which makes me think that logging out and back in should reset it, but it doesn't.
Code:

dirac ~ # ps -ef | grep isaac
root    20901 20842  0 23:22 pts/0    00:00:00 grep --colour=auto isaac
dirac ~ # su isaac
isaac@dirac:/root$ ulimit -l
64

The one thing I haven't done yet is restart the server, but I'm interested in finding out if there's a way to fix this short of restarting.

isaaclw 03-11-2012 05:00 PM

Restarting didn't help. Instead I used this guide:
http://posidev.com/blog/2009/06/04/s...ers-on-ubuntu/

I edited:
Code:

isaac@dirac:~$ sudo vim /etc/pam.d/common-session
and added:
Code:

session required pam_limits.so
----
Edit: Also this was over an ssh server, so I had to set "UsePAM yes" in sshd_config.

To the end.


All times are GMT -5. The time now is 04:13 AM.