Bug 68590
| Summary: | FC: rexecd does not set limits on /etc/security/limits | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Eddie Quinteros <eddie> |
| Component: | rsh | Assignee: | Karel Zak <kzak> |
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Priority: | medium |
| Version: | rawhide | CC: | tmraz |
| Hardware: | i386 | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2005-01-28 07:36:08 UTC |

The problem is that rexecd doesn't call pam_open_session, where the limits are applied, as rshd does. Fixed in devel branch rsh-0.17-25 [FC-4].

From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (WinNT; I)

Description of problem:

We added these lines to /etc/security/limits :

```
* soft nofile 1700
* hard nofile 4096
```

And this one to /etc/pam.d/rexec :

```
session required /lib/security/pam_limits.so
```

However processes started by rexec do not use the new limits. For example "rexec -l user -p passwd localhost ulimit -a" still prints 1024 as the number of open files.

When doing rsh of ulimit -a I can see that open files is set to 1700. However when doing rexec open files is set to 1024. I have taken traces of both commands and I now can see why. rshd reads /etc/security/limits.conf and sets the limits accordingly, while rexecd does not; it just sets limits to default. Here is the proof.

This is a trace of rshd, I just grep for limits here, and as we can see it reads /etc/security/limits.conf

```
1916 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
1916 open("/lib/security/pam_limits.so", O_RDONLY) = 5
1916 getrlimit(0, 0xbffdd960) = 0
1916 getrlimit(0x1, 0xbffdd970) = 0
1916 getrlimit(0x2, 0xbffdd980) = 0
1916 getrlimit(0x3, 0xbffdd990) = 0
1916 getrlimit(0x4, 0xbffdd9a0) = 0
1916 getrlimit(0x5, 0xbffdd9b0) = 0
1916 getrlimit(0x6, 0xbffdd9c0) = 0
1916 getrlimit(0x7, 0xbffdd9d0) = 0
1916 getrlimit(0x8, 0xbffdd9e0) = 0
1916 getrlimit(0x9, 0xbffdd9f0) = 0
1916 getrlimit(0xa, 0xbffdda00) = 0
1916 open("//etc/security/limits.conf", O_RDONLY) = 4
1916 read(4, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 1396
1916 setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_NPROC, {rlim_cur=10238, rlim_max=10238}) = 0
1916 setrlimit(RLIMIT_NOFILE, {rlim_cur=1700, rlim_max=4*1024}) = 0
1916 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1916 setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
1918 getrlimit(0x7, 0xbffdfb90) = 0
1918 execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
1918 getrlimit(0x4, 0xbffffbf0) = 0
1918 getrlimit(0x2, 0xbffffbf0) = 0
1918 getrlimit(0x1, 0xbffffbf0) = 0
1918 getrlimit(0x8, 0xbffffbf0) = 0
1918 getrlimit(0x5, 0xbffffbf0) = 0
1918 getrlimit(0x7, 0xbffffbf0) = 0
1918 getrlimit(0x3, 0xbffffbf0) = 0
1918 getrlimit(0, 0xbffffbf0) = 0
1918 getrlimit(0x6, 0xbffffbf0) = 0
1918 getrlimit(0x9, 0xbffffbf0) = 0
```

Here is a trace of rexecd and I grep for limit. As we can see /etc/security/limits.conf values are not reset.

```
1678 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
1678 open("/lib/security/pam_limits.so", O_RDONLY) = 6
1678 getrlimit(0x7, 0xbffdfbb0) = 0
1678 execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
1678 getrlimit(0x4, 0xbffffbf0) = 0
1678 getrlimit(0x2, 0xbffffbf0) = 0
1678 getrlimit(0x1, 0xbffffbf0) = 0
1678 getrlimit(0x8, 0xbffffbf0) = 0
1678 getrlimit(0x5, 0xbffffbf0) = 0
1678 getrlimit(0x7, 0xbffffbf0) = 0
1678 getrlimit(0x3, 0xbffffbf0) = 0
1678 getrlimit(0, 0xbffffbf0) = 0
1678 getrlimit(0x6, 0xbffffbf0) = 0
1678 getrlimit(0x9, 0xbffffbf0) = 0
```

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. change the nofiles limits in /etc/security/limits
2. change /etc/pam.d/rexec to have pam limits
3. rexec -l user -p passwd localhost ulimit -a still prints the default limits, not the ones we just set up.

Additional info:
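
The comparison the reporter made by eye can be scripted. The following Python is an added example, not part of the bug report or the rsh source: it scans strace output for a successful open of limits.conf and for the last successful RLIMIT_NOFILE setrlimit before execve. The function names are hypothetical, and the two sample traces are abridged from the traces quoted in the report.

```python
import re

# Sample input: abridged from the two traces quoted in the report.
RSHD_TRACE = """\
1916 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
1916 open("/lib/security/pam_limits.so", O_RDONLY) = 5
1916 open("//etc/security/limits.conf", O_RDONLY) = 4
1916 setrlimit(RLIMIT_NOFILE, {rlim_cur=1700, rlim_max=4*1024}) = 0
1918 execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
"""
REXECD_TRACE = """\
1678 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
1678 open("/lib/security/pam_limits.so", O_RDONLY) = 6
1678 execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
"""

# Only successful calls count: setrlimit returning 0, open returning an fd.
SETRLIMIT = re.compile(
    r"setrlimit\(RLIMIT_NOFILE, \{rlim_cur=([^,]+), rlim_max=([^}]+)\}\)\s*=\s*0")
OPEN_CONF = re.compile(r'open\("/*etc/security/limits\.conf",[^)]*\)\s*=\s*\d+')


def parse_rlim(text):
    """Convert strace's rendering of a limit: 1024, 4*1024 or RLIM_INFINITY."""
    text = text.strip()
    if text == "RLIM_INFINITY":
        return float("inf")
    value = 1
    for factor in text.split("*"):
        value *= int(factor)
    return value


def audit_trace(trace):
    """Return whether limits.conf was read (pam_limits' session hook ran)
    and which (soft, hard) NOFILE limit was in force when the command ran."""
    result = {"conf_read": False, "nofile": None, "exec_seen": False}
    for line in trace.splitlines():
        if "execve(" in line:
            result["exec_seen"] = True
            break  # later calls belong to the command, not the daemon
        if OPEN_CONF.search(line):
            result["conf_read"] = True
        match = SETRLIMIT.search(line)
        if match:
            result["nofile"] = (parse_rlim(match.group(1)), parse_rlim(match.group(2)))
    return result

if __name__ == "__main__":
    for name, trace in (("rshd", RSHD_TRACE), ("rexecd", REXECD_TRACE)):
        print(name, audit_trace(trace))
```

A daemon whose trace yields `conf_read` false while its PAM service file lists pam_limits.so as a session module is skipping the session phase, which is the condition this bug describes.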