Bug 135572 - openssh does not set ulimits correctly unless "UseLogin yes" in sshd_config
Summary: openssh does not set ulimits correctly unless "UseLogin yes" in sshd_config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssh
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
: 104997 (view as bug list)
Depends On: 140824
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-10-13 15:58 UTC by Robert Brooks
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-19 14:14:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Robert Brooks 2004-10-13 15:58:16 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Gecko/20040930

Description of problem:
you can set max number of open file descriptors for a user in
/etc/security/limits.conf, but this setting is not honoured unless
sshd is set to "UseLogin Yes.

Version-Release number of selected component (if applicable):
openssh-3.6.1p2-33.30.1

How reproducible:
Always

Steps to Reproduce:
set number of file descriptors in limits.conf

$ grep nofile /etc/security/limits.conf
#        - nofile - max number of open files
user         hard    nofile          8192
user         soft    nofile          8192

log in over ssh as user

$ ulimit -n
1024

edit /etc/ssh/sshd_config so that UseLogin yes

# grep UseLogin /etc/ssh/sshd_config
UseLogin yes

restart ssh

now log in over ssh as user

$ ulimit -n
8192

ulimit for number of files is set correctly

Actual Results:  if sshd is configured with "UseLogin No" ulimit -n
returns 1024

Expected Results:  in both cases ulimit -n should return 8192

Additional info:
Comment 1 Robert Brooks 2004-10-13 16:01:32 UTC 
problem also documented in a closed bugzilla here

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=116133
Comment 3 Shay Cohen 2005-01-19 14:24:11 UTC 
Please notice, that when configuring uselogin to "yes"
Xforwarding will be unactive (login does not support xauth). 
Shay.
Comment 6 Tomas Mraz 2005-02-07 09:44:19 UTC 
*** Bug 104997 has been marked as a duplicate of this bug. ***
Comment 7 Tomas Mraz 2005-05-19 14:14:35 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-106.html
Comment 8 Alex Bruno 2005-09-07 17:22:10 UTC 
(In reply to comment #7)
> An advisory has been issued which should help the problem
> described in this bug report. This report is therefore being
> closed with a resolution of ERRATA. For more information
> on the solution and/or where to find the updated files,
> please follow the link below. You may reopen this bug report
> if the solution does not work for you.
> 
> http://rhn.redhat.com/errata/RHSA-2005-106.html
> 
> 

Question:  A customer opened a support ticket with us today and says that he has
EXACTLY this problem.  But he is using ssh version 2 which does not contain the
UseLogin variable.  So, the customer's question is what is the workaround for
version 2.
Comment 9 Tomas Mraz 2005-09-07 17:57:30 UTC 
The limits should be set correctly if he has openssh-3.6.1p2-33.30.4 installed.
Note You need to log in before you can comment on or make changes to this bug.