Bug 1028490 - pam_limits documentation is unclear about difference between maxlogins and maxsyslogins
Summary: pam_limits documentation is unclear about difference between maxlogins and ma...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-08 15:11 UTC by Petr Spacek
Modified: 2014-10-14 08:09 UTC (History)
2 users (show)

Fixed In Version: pam-1.1.1-18.el6
Doc Type: Bug Fix
Doc Text:
no docs needed
Clone Of:
Environment:
Last Closed: 2014-10-14 08:09:59 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1579 0 normal SHIPPED_LIVE pam bug fix update 2014-10-14 01:27:19 UTC

Description Petr Spacek 2013-11-08 15:11:39 UTC 
Description of problem:
Neither manual page for pam_limits nor comments in /etc/security/limits.conf explain the difference between 'maxlogins' and 'maxsyslogins'. 

Version-Release number of selected component (if applicable):
pam-1.1.1-13.el6.x86_64

Additional info:
May be that some explanatory comment in limits.conf would be enough.
Comment 2 Tomas Mraz 2013-11-08 15:26:29 UTC 
The current limits.conf(5) man page on Fedora, RHEL-7 says:

           maxlogins
               maximum number of logins for this user except for this with
               uid=0

           maxsyslogins
               maximum number of all logins on system

I think this is clear that the maxsyslogins counts all the logins and maxlogins counts only the logins of the user being logged in.

RHEL-6 is different in the the word 'all' is missing in the maxsyslogins description.
Comment 3 Petr Spacek 2013-11-11 08:19:02 UTC 
Soo... 
@students        -       maxsyslogins       4
implicates that users from group "students" can open no more than 4 sessions in total but

@students        -       maxlogins          4
means that each user from group "students" can open 4 separate sessions?

I don't think that the description is man page is very clear. It would be great if you could improve it somehow, even with examples above (if they are correct :-).
Comment 4 Tomas Mraz 2013-11-11 09:25:39 UTC 
(In reply to Petr Spacek from comment #3)
> Soo... 
> @students        -       maxsyslogins       4
> implicates that users from group "students" can open no more than 4 sessions
> in total but
Yes, but also counting any other login sessions on the system to the total count. 

> @students        -       maxlogins          4
> means that each user from group "students" can open 4 separate sessions?
Yes, exactly.
 
> I don't think that the description is man page is very clear. It would be
> great if you could improve it somehow, even with examples above (if they are
> correct :-).
Comment 5 Petr Spacek 2013-11-11 18:52:02 UTC 
My proposal:

maxsyslogins - maximum number of all logins on the system; user is not allowed to log-in if total number of all logins is greater than specified number (root account does not count)
Comment 11 errata-xmlrpc 2014-10-14 08:09:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1579.html
Note You need to log in before you can comment on or make changes to this bug.