Bug 135572

Summary: openssh does not set ulimits correctly unless "UseLogin yes" in sshd_config
Product: Red Hat Enterprise Linux 3 Reporter: Robert Brooks <robert.brooks>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: barryn, brian, cww, laroche, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-05-19 14:14:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 140824    
Bug Blocks:    

Description Robert Brooks 2004-10-13 15:58:16 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Gecko/20040930

Description of problem:
you can set max number of open file descriptors for a user in
/etc/security/limits.conf, but this setting is not honoured unless
sshd is set to "UseLogin Yes.

Version-Release number of selected component (if applicable):
openssh-3.6.1p2-33.30.1

How reproducible:
Always

Steps to Reproduce:
set number of file descriptors in limits.conf

$ grep nofile /etc/security/limits.conf
#        - nofile - max number of open files
user         hard    nofile          8192
user         soft    nofile          8192

log in over ssh as user

$ ulimit -n
1024

edit /etc/ssh/sshd_config so that UseLogin yes

# grep UseLogin /etc/ssh/sshd_config
UseLogin yes

restart ssh

now log in over ssh as user

$ ulimit -n
8192

ulimit for number of files is set correctly

Actual Results:  if sshd is configured with "UseLogin No" ulimit -n
returns 1024

Expected Results:  in both cases ulimit -n should return 8192

Additional info:
Comment 1 Robert Brooks 2004-10-13 16:01:32 UTC 
problem also documented in a closed bugzilla here

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=116133
Comment 3 Shay Cohen 2005-01-19 14:24:11 UTC 
Please notice, that when configuring uselogin to "yes"
Xforwarding will be unactive (login does not support xauth). 
Shay.
Comment 6 Tomas Mraz 2005-02-07 09:44:19 UTC 
*** Bug 104997 has been marked as a duplicate of this bug. ***
Comment 7 Tomas Mraz 2005-05-19 14:14:35 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-106.html
Comment 8 Alex Bruno 2005-09-07 17:22:10 UTC 
(In reply to comment #7)
> An advisory has been issued which should help the problem
> described in this bug report. This report is therefore being
> closed with a resolution of ERRATA. For more information
> on the solution and/or where to find the updated files,
> please follow the link below. You may reopen this bug report
> if the solution does not work for you.
> 
> http://rhn.redhat.com/errata/RHSA-2005-106.html
> 
> 

Question:  A customer opened a support ticket with us today and says that he has
EXACTLY this problem.  But he is using ssh version 2 which does not contain the
UseLogin variable.  So, the customer's question is what is the workaround for
version 2.
Comment 9 Tomas Mraz 2005-09-07 17:57:30 UTC 
The limits should be set correctly if he has openssh-3.6.1p2-33.30.4 installed.