User proces limit

webserve · 08-12-2005, 03:15 PM

Hi,

I'am a little n00b :P thats speak not so good english

I'am using slackware 10.1 but i want a limit on a user proces
now i was searching google but they say about

/etc/security/limits.conf

This file is not exits ??

please help must i install something

Greetz webserve

Matir · 08-12-2005, 05:40 PM

From what I hear, Slackware doesn't use pam, which is responsible for handling limits.conf. You'll need to install PAM in order to use it.

Tinkster · 08-12-2005, 06:27 PM

Not exactly a security question, and it can be done
without PAM, Pat doesn't include it for a reason ;)

Have a read of
man bash
/ulimit

Cheers,
Tink

Matir · 08-12-2005, 06:47 PM

Tinkster: What is the reason it's not included? Do you know?

I personally like PAM quite a bit.

Tinkster · 08-12-2005, 07:05 PM

Quote:

Originally posted by Matir
Tinkster: What is the reason it's not included? Do you know?

I personally like PAM quite a bit. :)

Anderson?
/me ducks

Quote:

Slackware 9.1 ChangeLog.txt entry dated
Tue Sep 23 21:57:32 PDT 2003
In record time, this is Slackware 9.1 release candidate 2. :-)
gnome/gal2-1.99.10-i486-1.tgz: Upgraded to gal-1.99.10.
gnome/gdm-2.4.4.2-i486-1.tgz: Upgraded to gdm-2.4.4.2.
gnome/gnome-applets-2.4.1-i486-1.tgz: Upgraded to gnome-applets-2.4.1.
n/openssh-3.7.1p2-i486-1.tgz: Upgraded to openssh-3.7.1p2.
This fixes security problems with PAM authentication. It also includes
several code cleanups from Solar Designer. Slackware does not use PAM and is
not vulnerable to any of the fixed problems.
Please indulge me for this brief aside (as requests for PAM are on the rise):
If you see a security problem reported which depends on PAM, you can be
glad you run Slackware. I think a better name for PAM might be SCAM, for
Swiss Cheese Authentication Modules, and have never felt that the small
amount of convenience it provides is worth the great loss of system
security. We miss out on half a dozen security problems a year by not
using PAM, but you can always install it yourself if you feel that
you're missing out on the fun. (No, don't do that)
OK, I'm done ranting here. :-)
I suppose this is still a:
(* Security fix *)

In short, Pat's happy to live without the flexibility of
PAM in order to avoid the existing or up-coming exploits.
I can't comment on the validity of that point of view since
I haven't followed PAMs security history over the last 2 years,
but I've always lived by and prospered under the credo of
"In Pat We Trust". :)

Cheers,
Tink

Matir · 08-12-2005, 07:15 PM

I think with the ever-growing usage of PAM it will become even more secure and stable. Additionally, migrating a full network to LDAP authentication would be nearly impossible without PAM, as I understand it.

However, I respect Pat and his reasoning. To each their own.

Tinkster · 08-12-2005, 07:25 PM

Quote:

Additionally, migrating a full network to LDAP
authentication would be nearly impossible without PAM,
as I understand it.

It may be impossible (even though I don't think of many
things as impossible without having tried), but then one
could, for instance, use NIS/NIS+ instead. ;)

Cheers,
Tink

Matir · 08-12-2005, 07:52 PM

lol. Not even all services neccessarily work with NIS/NIS+.