Bug 163445
Summary: | sshd interacts badly with pam_limits.so | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | David Warme <a039dmw> |
Component: | openssh | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-16 22:15:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Warme
2005-07-16 21:25:38 UTC
Is it an initscript that is setting the nice level? Check /etc/init.d/sshd or /etc/sysconfig/ssh or something like that. Strange that this would change.... I just checked the SSH source code, and could not find anywhere that called "nice()" or "setpriority()". I then looked at the sshd process that was actually running -- it had a nice value of zero -- NOT niced. When I initially started my investigation, sshd definitely had a "nice" value of 10. Furthermore, sshd was actually running at the time I launched the "up2date" process to apply the patched version of ssh. Once the patch was applied (I assume that applying the patch caused the existing sshd process to be stopped and restarted), I was no longer able to login with ssh. To the best of my knowledge, this process was not stopped or restarted until well into my investigations (i.e., I suspect that the "nice" of 10 was applied by the patch logic (as invoked from the up2date GUI app). Once I discovered what was going on, I modified the /etc/pam.d/sshd file and re-tried the login. It was still failing. So I did an "sh /etc/rc.d/init.d/sshd restart", and it started working again. The new sshd process had a "nice" value of zero again! Setting the /etc/pam.d/sshd "pam_limits" line back to "required" is no longer required. I suspect that the "nice 10" sshd process occurred because of the environment inherited from the "up2date" GUI app. Care to wager 25 cents or so? Ooops -- let me correct that: Once I restarted sshd, it is no longer necessary for the pam_limits line in /etc/pam.d/sshd to say "optional" -- it seems to work fine in the original state of "required". Strange, however I can't see how this is a bug in SSH. Perhaps up2date, which we aren't supporting. |