ulimit change still does not persist across system boot

Tobias Speckbacher TSpeckbacher at quova.com
Mon Jun 19 18:27:08 UTC 2006



> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Russell Harrison
> Sent: Saturday, June 17, 2006 9:26 AM
> To: General Red Hat Linux discussion list
> Subject: Re: ulimit change still does not persist across system boot
> 
> We had a problem with this at one point.  I believe the culprit was pam.
> When you log into the box via ssh it calls pam to authenticate.  This
> switches your user in the process, reducing your ulimit back to 1024.  By
> the time you've gotten a shell your ulimit max is once again 1024.
> 
> We found the settings did work if you did one of: A) Logged in directly
> from the console, B) did a su - username as root, C) started the command in
> an init script with su - username -c <startup command>
> 
> I don't remember how we got it to work from a ssh session though.  We may
> have given up and just done our start / stops with init scripts.

The only way I know of fixing the ssh/limits issue is turning off
privilege separation in sshd_config.  The issue is that sshd changes the
euid to the authenticating user after pam authentication is processed,
thus limits do not get applied to the session you are creating.

Privilege separation is an added layer of security, so you might not
want to mess with it.  

Alternatively you can set the limits post login in your .bash_profile.

> 
> Russell
> 
> On 6/16/06, Yard, John <jyard at ais.ucla.edu> wrote:
> >
> >
> > Did not work, JYard
> >
> >
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com] On Behalf Of
> > joe at illegal-access.de
> > Sent: Friday, June 16, 2006 1:57 PM
> > To: redhat-list at redhat.com
> > Subject: AW: ulimit change still does not persist across system boot
> >
> > Take a look at "/etc/security/limits.conf" ...
> >
> > Set there something like:
> >
> > USERNAME     -       nofile          8192
> >
> > ...this should work
> >
> > cu,
> > Joe
> >
> > PS: the file-mode shall be 644... cross-check that also ;-)
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
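
A diagnostic for the mismatch discussed in this thread, as an added example that is not part of any poster's message: it reads a limits.conf-style file and compares the configured nofile value with the soft limit the current session actually received. The function names, the sample file and the simplified precedence (a user line wins over `*`, group domains are ignored) are assumptions of this sketch.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# configured_nofile FILE USER TYPE   (TYPE is "soft" or "hard")
# Prints the nofile value the file configures for USER.
# Assumption: a user-specific line wins over a "*" line, the last matching
# line wins, "-" sets both types, and @group/%group domains are ignored.
configured_nofile() {
    awk -v user="$2" -v want="$3" '
        { sub(/#.*/, "") }                     # strip comments
        NF != 4 || $3 != "nofile" { next }     # only well-formed nofile lines
        $2 != want && $2 != "-"   { next }     # wrong limit type
        $1 == user { exact = $4 }
        $1 == "*"  { wild = $4 }
        END {
            if (exact != "") print exact
            else if (wild != "") print wild
        }' "$1"
}

# limit_applied CONFIGURED ACTUAL
# Succeeds when the session value meets the configured one.
limit_applied() {
    [ -n "$1" ] || return 0                    # nothing configured
    [ "$2" = "unlimited" ] && return 0
    [ "$1" = "unlimited" ] && return 1
    [ "$2" -ge "$1" ]
}

# report FILE USER: run inside the session to verify (console, su -, or ssh)
report() {
    want=$(configured_nofile "$1" "$2" soft)
    have=$(ulimit -Sn)
    if limit_applied "$want" "$have"; then
        echo "OK: soft nofile=$have (configured: ${want:-none})"
    else
        echo "MISMATCH: soft nofile=$have, file asks for $want"
    fi
}

# Constructed sample mirroring the entry suggested in the thread.
sample=$(mktemp)
printf '%s\n' '*         soft  nofile  4096' \
              'USERNAME  -     nofile  8192' > "$sample"
report "$sample" USERNAME
rm -f "$sample"
```

Running `report /etc/security/limits.conf "$USER"` once from the console and once over ssh shows whether only the ssh path loses the configured value.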



