[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: ulimit change still does not persist across system boot




> -----Original Message-----
> From: redhat-list-bounces redhat com [mailto:redhat-list-
> bounces redhat com] On Behalf Of Russell Harrison
> Sent: Saturday, June 17, 2006 9:26 AM
> To: General Red Hat Linux discussion list
> Subject: Re: ulimit change still does not persist across system boot
> 
> We had a problem with this at one point.  I believe the culprit was
pam.
> When you log into the box via ssh it calls pam to authenticate.  This
> switches your user in the process, reducing your ulimit back to 1024.
By
> the time you've gotten a shell your ulimit max is once again 1024.
> 
> We found the settings did work if you did one of: A) Logged in
directly
> from
> the console, B) did a su - username as root, C) started the command in
an
> init script with su - username -c <startup command>
> 
> I don't remember how we got it to work from a ssh session though.  We
may
> have given up and just done our start / stops with init scripts.

The only way I know of fixing the ssh/limits issue is turning off
privilege separation in sshd_config.  The issue is that sshd changes the
euid to the authenticating user after pam authentication is processed,
thus limits do not get applied to the session you are creating.

Privilege separation is an added layer of security, so you might not
want to mess with it.  

Alternatively you can set the limits post login in your .bash_profile.

> 
> Russell
> 
> On 6/16/06, Yard, John <jyard ais ucla edu> wrote:
> >
> >
> > Did not work, JYard
> >
> >
> > -----Original Message-----
> > From: redhat-list-bounces redhat com
> > [mailto:redhat-list-bounces redhat com] On Behalf Of
> > joe illegal-access de
> > Sent: Friday, June 16, 2006 1:57 PM
> > To: redhat-list redhat com
> > Subject: AW: ulimit change still does not persist across system boot
> >
> > Take a loot at "/etc/security/limits.conf" ...
> >
> > Set there something like:
> >
> > USERNAME     -       nofile          8192
> >
> > ...this should work
> >
> > cu,
> > Joe
> >
> > PS: the file-mode shall be 644... cross-check that also ;-)
> >
> > --
> > redhat-list mailing list
> > unsubscribe
mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> > --
> > redhat-list mailing list
> > unsubscribe
mailto:redhat-list-request redhat com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]