LinuxQuestions.org

nelamvr6 10-20-2005 05:41 AM

Setting limits
 
OK, so I ran Bastille, and it recommended setting limits on core size and number of user processes. This sounded reasonable to me so I agreed. It mentioned that the settings would be in /etc/security/limits.conf and that I could edit them later. Sounds good.

Later that night out of curiosity I typed ulimit -a in a bash session and I got this:

nelamvr6@linux:~> ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 8191
virtual memory (kbytes, -v) unlimited

Max user processes are 8191? Bastille recommended 150!

So I took a look at /etc/security/limits.conf and found this:

# prevent core dumps
* hard core 0

#limit user processes per user to 150
* soft nproc 100
* hard nproc 150


So what gives? Why are these limits not enforced? I'm running SUSE 10.0 with KDE as my desktop.

TIA

unSpawn 10-20-2005 09:59 PM

The first time /etc/security/limits.conf is consulted is when you log in. Are you sure you logged out completely before checking?

nelamvr6 10-21-2005 06:53 AM

OK, I got it sorted. Had to add ulimit lines to /etc/profile

Worked like a charm!

unSpawn 10-21-2005 07:37 AM

Had to add ulimit lines to /etc/profile
Any good reason for doing that? AFAIK choosing a decentralised workaround like that bypasses PAM options you have with /etc/security/limits.conf, like for instance per-account or group settings (OK, unless you script it).

nelamvr6 10-21-2005 10:05 AM

Quote:

Originally posted by unSpawn
Had to add ulimit lines to /etc/profile
Any good reason for doing that? AFAIK choosing a decentralised workaround like that bypasses PAM options you have with /etc/security/limits.conf, like for instance per-account or group settings (OK, unless you script it).

Well, there were statements limiting user processes in my /etc/security/limits.conf, but for some reason those limits were not in place when I executed ulimit -a. It appears that for some reason my distro was ignoring /etc/security/limits.conf while it pays attention to /etc/profile.

I attempted to change the statements in /etc/security/limits.conf, but that had no effect on the limits actually imposed on the user. Is there some other way I'm supposed to utilize PAM to effect these changes?

unSpawn 10-21-2005 12:02 PM

If you have /etc/pam.d/system-auth and it contains a session line using pam_limits.so, and system-auth is referenced in /etc/pam.d/login, and if the contents of /etc/security/limits.conf are like you posted it, and if the shell doesn't override this in resource files (for Bash: /etc/bashrc, /etc/profile, /etc/profile.d/*.sh) then if the user is completely logged out and logs back in this should be working.

nelamvr6 10-22-2005 02:15 AM

Quote:

Originally posted by unSpawn
If you have /etc/pam.d/system-auth and it contains a session line using pam_limits.so, and system-auth is referenced in /etc/pam.d/login, and if the contents of /etc/security/limits.conf are like you posted it, and if the shell doesn't override this in resource files (for Bash: /etc/bashrc, /etc/profile, /etc/profile.d/*.sh) then if the user is completely logged out and logs back in this should be working.

OK, I don't have /etc/pam.d/system-auth, and system-auth is not referenced in /etc/pam.d/login.

So where do I go now?

unSpawn 10-22-2005 06:25 AM

OK, I don't have /etc/pam.d/system-auth, and system-auth is not referenced in /etc/pam.d/login.
No, you have SuSE, so you have /etc/pam.d/common-.* ... and pam_limits.so is a session thing, so it's referenced in common-session. I had to check pam-0.80-6selinux1.i586.rpm for that, which doesn't show me any /etc/pam.d/SERVICENAME files. If you could post the contents of your /etc/pam.d/login that would come in handy.

nelamvr6 10-22-2005 01:18 PM

Quote:

Originally posted by unSpawn
OK, I don't have /etc/pam.d/system-auth, and system-auth is not referenced in /etc/pam.d/login.
No, you have SuSE, so you have /etc/pam.d/common-.* ... and pam_limits.so is a session thing, so it's referenced in common-session. I had to check pam-0.80-6selinux1.i586.rpm for that, which doesn't show me any /etc/pam.d/SERVICENAME files. If you could post the contents of your /etc/pam.d/login that would come in handy.

Here it is:

#%PAM-1.0
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
auth required pam_mail.so
account include common-account
password include common-password
session include common-session
session required pam_resmgr.so
account required /lib/security/pam_access.so

tkedwards 10-24-2005 06:38 PM

Quote:

do you have
session required pam_limits.so

in /etc/pam.d/{login,sshd}
http://www.experts-exchange.com/Secu..._21416699.html
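
The check this thread converges on, as an added example that is not part of any post: a shell function that reports whether a service's PAM session stack loads pam_limits.so, following include lines such as the "session include common-session" in the posted /etc/pam.d/login. The function names and the sample common-session content are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): does a service's PAM session stack
# load pam_limits.so, directly or through include/substack/@include files?

# session_has_limits PAM_DIR SERVICE [DEPTH] -> exit status 0 if it does.
# The body is a subshell ( ... ) so recursion does not clobber variables.
session_has_limits() (
    dir=$1; svc=$2; depth=${3:-0}
    [ "$depth" -lt 8 ] || exit 1              # stop on include loops
    [ -r "$dir/$svc" ] || exit 1
    while read -r type control module rest; do
        case $type in
            ''|'#'*) continue ;;              # blank line or comment
            @include)                         # Debian-style, covers all types
                session_has_limits "$dir" "$control" $((depth + 1)) && exit 0
                continue ;;
        esac
        [ "${type#-}" = session ] || continue # only the session stack counts
        case $control in
            include|substack)
                session_has_limits "$dir" "$module" $((depth + 1)) && exit 0 ;;
            *)  # match module and args so "[...]" controls are handled too
                case "$module $rest" in
                    *pam_limits.so*) exit 0 ;;
                esac ;;
        esac
    done < "$dir/$svc"
    exit 1
)

# Constructed sample tree: "login" mirrors session lines posted in the
# thread; the content of common-session is an assumption for the demo.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' 'auth include common-auth' \
        'session include common-session' \
        'session required pam_resmgr.so' > "$tree/login"
    printf '%s\n' 'session required pam_unix2.so' > "$tree/common-session"
    echo "$tree"
}

# Demo; on a real host run: session_has_limits /etc/pam.d login
demo=$(make_sample_tree)
session_has_limits "$demo" login && echo "before: enforced" || echo "before: pam_limits.so missing"
echo 'session required pam_limits.so' >> "$demo/common-session"
session_has_limits "$demo" login && echo "after: enforced" || echo "after: pam_limits.so missing"
rm -rf "$demo"
```

Graphical logins go through their own PAM service file, so the same check applies to whichever service name the display manager uses.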


All times are GMT -5.