[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_mkhomdir fix(ldap, su problem)



On Mon, Jul 07, Nalin Dahyabhai wrote:

> Consider pam_limits, which to work properly must be called to open a
> session after privileges have been dropped (else certain limits such as
> that on the number of running processes prevents applications like sshd
> from even forking to start a shell on behalf of the user).  IIRC, this
> is the specific reason that OpenSSH has flipflopped on this particular
> question before [1].

This is incorrect. pam_limits does not work after privileges have
been dropped (No bugzilla ID, because our bugzilla is not public
accessible for everybody) and this is the reason why we revert
most this changes.

There are limits, which you can only modify as root, and others
which should only be set as user. In this special case I think this
is a pam_limits problem and cannot be fixed in the application itself
by dropping privilegs to early.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk suse de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]