Bug 157290 - vixie-cron missing pam configuration for limits
vixie-cron missing pam configuration for limits
Status: CLOSED DUPLICATE of bug 5162
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: vixie-cron (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
Brock Organ
Depends On:
Blocks: 170445
  Show dependency treegraph
Reported: 2005-05-10 05:08 EDT by Bastien Nocera
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: vixie-cron-4.1-6_EL3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 14:08:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bastien Nocera 2005-05-10 05:08:40 EDT
In the /etc/security/limits.conf file I increase, for example, the number of
open file handles allowed for a process.

# grep nofile /etc/security/limits.conf
dan        soft       nofile   10000
dan        hard      nofile   20000

In an SSH session I can verify the limits are being applied:

$ ulimit -n

If, however, I setup a cron job as this user:

$ crontab -l
* * * * *  /bin/bash -c "ulimit > /tmp/ulimits.txt"

If I then look at the output the limits are not being applied

$ grep "open files" /tmp/ulimits.txt
open files              (-n)      1024

A little poking around reveals that the vixie-cron RPM is missing the PAM config
file neccessary to have session limits applied. If I create a file

# cat > /etc/pam.d/cron <<EOF
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

Restart the cron daemon

# /etc/init.d/crond restart

Then, wait for the job to run again it now picks up limits correctly

$ grep "open files" /tmp/ulimits.txt
open files              (-n) 10000

The lack of this PAM config is causing application jobs that would otherwise
work, to fail
Comment 1 Tomas Mraz 2005-05-10 08:11:48 EDT
Nope, this doesn't fix the problem at all. It only appears so to you.
The RHEL-3 vixie-cron version 3.0.1 doesn't have a pam support at all.

The reason why your trick works is that the limits established in the bash
session where you issue /etc/init.d/crond restart apply to the crond daemon and
thus apply to the user's processes called according to the crontab.

The RHEL-4 vixie-cron has pam support implemented.
Comment 2 Jason Vas Dias 2005-05-10 08:17:36 EDT
vixie-cron currently does not support PAM in RHEL-3 .

You can download vixie-cron-4.1-6_EL3, which does support PAM, and
which will hopefully be in RHEL-3-U6, from:

Comment 3 Jason Vas Dias 2005-05-10 08:19:45 EDT
*** Bug 157291 has been marked as a duplicate of this bug. ***
Comment 4 Jason Vas Dias 2005-05-10 08:22:18 EDT

*** This bug has been marked as a duplicate of 5162 ***
Comment 5 Jason Vas Dias 2005-05-10 08:24:09 EDT
BTW, the PAM configuration file for vixie-cron-4.1+ is
/etc/pam.d/crond , not
Comment 7 Jason Vas Dias 2005-10-14 11:33:14 EDT
This bug is fixed with vixie-cron-4.1-8_EL3, available from:
and should be considered for inclusion in RHEL-3-U7 .
Comment 9 Red Hat Bugzilla 2006-02-21 14:08:20 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.