Setting limits
OK so I ran Bastille, it recommended setting limits on core size and number of user processes. this sounded reasonable to me so I agreed. It mentioned that the settings would be in /etc/security/limits.conf and that I could edit them later. Sounds good.
Later that night out of curiosity I typed ulimit -a in a bash session and I got this: nelamvr6@linux:~> ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 stack size (kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes (-u) 8191 virtual memory (kbytes, -v) unlimited Max user processors are 8191? Bastille recommended 150! So I took a look at /etc/security/limits.conf and found this: # prevent core dumps * hard core 0 #limit user processes per user to 150 * soft nproc 100 * hard nproc 150 So what gives? Why are these limits not enforced? I'm running SUSE 10.0 with KDE as my desktop. TIA |
The first time /etc/security/limits.conf is consulted is when you log in. Are you sure you logged out completely before checking?
|
OK, I got it sorted. Had to add ulimit lines to /etc/profile
Worked like a charm! |
Had to add ulimit lines to /etc/profile
Any good reason for doing that? AFAIk choosing a decentralised workaround like that bypasses PAM options you have with /etc/security/limits.conf like for instance per account or group settings (OK, unless you script it). |
Quote:
I attempte to change the statements in /etc/security/limits.conf, but that had no effect on the limits actually imposed on the user. Is there some other way I'm supposed to utilize PAM to effect these changes? |
If you have /etc/pam.d/system-auth and it contains a session line using pam_limits.so, and system-auth is referenced in /etc/pam.d/login, and if the contents of /etc/security/limits.conf are like you posted it, and if the shell doesn't override this in resource files (for Bash: /etc/bashrc, /etc/profile, /etc/profile.d/*.sh) then if the user is completely logged out and logs back in this should be working.
|
Quote:
So where do I go now? |
OK, I don't have /etc/pam.d/system-auth, system-auth is not reference in /etc/pam.d/login.
No, you have SuSE, so you have /etc/pam.d/common-.* ... and pam_limits.so is a session thing, so it's referenced in common-session. I had to check pam-0.80-6selinux1.i586.rpm for that, which doesn't show me any /etc/pam.d/SERVICENAME files. If you could post the contents of your /etc/pam.d/login that would come in handy. |
Quote:
#%PAM-1.0 auth required pam_securetty.so auth include common-auth auth required pam_nologin.so auth required pam_mail.so account include common-account password include common-password session include common-session session required pam_resmgr.so account required /lib/security/pam_access.so |
Quote:
|
All times are GMT -5. The time now is 11:14 PM. |