Bug 1028490

Summary: pam_limits documentation is unclear about difference between maxlogins and maxsyslogins
Product: Red Hat Enterprise Linux 6 Reporter: Petr Spacek <pspacek>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Dalibor Pospíšil <dapospis>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: dapospis, jchaloup
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pam-1.1.1-18.el6 Doc Type: Bug Fix
Doc Text:
no docs needed
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 08:09:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Petr Spacek 2013-11-08 15:11:39 UTC 
Description of problem:
Neither manual page for pam_limits nor comments in /etc/security/limits.conf explain the difference between 'maxlogins' and 'maxsyslogins'. 

Version-Release number of selected component (if applicable):
pam-1.1.1-13.el6.x86_64

Additional info:
May be that some explanatory comment in limits.conf would be enough.
Comment 2 Tomas Mraz 2013-11-08 15:26:29 UTC 
The current limits.conf(5) man page on Fedora, RHEL-7 says:

           maxlogins
               maximum number of logins for this user except for this with
               uid=0

           maxsyslogins
               maximum number of all logins on system

I think this is clear that the maxsyslogins counts all the logins and maxlogins counts only the logins of the user being logged in.

RHEL-6 is different in the the word 'all' is missing in the maxsyslogins description.
Comment 3 Petr Spacek 2013-11-11 08:19:02 UTC 
Soo... 
@students        -       maxsyslogins       4
implicates that users from group "students" can open no more than 4 sessions in total but

@students        -       maxlogins          4
means that each user from group "students" can open 4 separate sessions?

I don't think that the description is man page is very clear. It would be great if you could improve it somehow, even with examples above (if they are correct :-).
Comment 4 Tomas Mraz 2013-11-11 09:25:39 UTC 
(In reply to Petr Spacek from comment #3)
> Soo... 
> @students        -       maxsyslogins       4
> implicates that users from group "students" can open no more than 4 sessions
> in total but
Yes, but also counting any other login sessions on the system to the total count. 

> @students        -       maxlogins          4
> means that each user from group "students" can open 4 separate sessions?
Yes, exactly.
 
> I don't think that the description is man page is very clear. It would be
> great if you could improve it somehow, even with examples above (if they are
> correct :-).
Comment 5 Petr Spacek 2013-11-11 18:52:02 UTC 
My proposal:

maxsyslogins - maximum number of all logins on the system; user is not allowed to log-in if total number of all logins is greater than specified number (root account does not count)
Comment 11 errata-xmlrpc 2014-10-14 08:09:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1579.html