Bug 157290 - vixie-cron missing pam configuration for limits
Summary: vixie-cron missing pam configuration for limits
Keywords:
Status: CLOSED DUPLICATE of bug 5162
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: vixie-cron
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jason Vas Dias
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks: 170445
TreeView+ depends on / blocked
 
Reported: 2005-05-10 09:08 UTC by Bastien Nocera
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Fixed In Version: vixie-cron-4.1-6_EL3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-21 19:08:20 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Bastien Nocera 2005-05-10 09:08:40 UTC 
In the /etc/security/limits.conf file I increase, for example, the number of
open file handles allowed for a process.

# grep nofile /etc/security/limits.conf
dan        soft       nofile   10000
dan        hard      nofile   20000

In an SSH session I can verify the limits are being applied:

$ ulimit -n
10000


If, however, I setup a cron job as this user:

$ crontab -l
* * * * *  /bin/bash -c "ulimit > /tmp/ulimits.txt"

If I then look at the output the limits are not being applied

$ grep "open files" /tmp/ulimits.txt
open files              (-n)      1024


A little poking around reveals that the vixie-cron RPM is missing the PAM config
file neccessary to have session limits applied. If I create a file

# cat > /etc/pam.d/cron <<EOF
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
EOF

Restart the cron daemon

# /etc/init.d/crond restart


Then, wait for the job to run again it now picks up limits correctly

$ grep "open files" /tmp/ulimits.txt
open files              (-n) 10000

The lack of this PAM config is causing application jobs that would otherwise
work, to fail
Comment 1 Tomas Mraz 2005-05-10 12:11:48 UTC 
Nope, this doesn't fix the problem at all. It only appears so to you.
The RHEL-3 vixie-cron version 3.0.1 doesn't have a pam support at all.

The reason why your trick works is that the limits established in the bash
session where you issue /etc/init.d/crond restart apply to the crond daemon and
thus apply to the user's processes called according to the crontab.

The RHEL-4 vixie-cron has pam support implemented.
Comment 2 Jason Vas Dias 2005-05-10 12:17:36 UTC 
vixie-cron currently does not support PAM in RHEL-3 .

You can download vixie-cron-4.1-6_EL3, which does support PAM, and
which will hopefully be in RHEL-3-U6, from:
  http://people.redhat.com/~jvdias/vixie-cron/RHEL-3/
Comment 3 Jason Vas Dias 2005-05-10 12:19:45 UTC 
*** Bug 157291 has been marked as a duplicate of this bug. ***
Comment 4 Jason Vas Dias 2005-05-10 12:22:18 UTC 

*** This bug has been marked as a duplicate of 5162 ***
Comment 5 Jason Vas Dias 2005-05-10 12:24:09 UTC 
BTW, the PAM configuration file for vixie-cron-4.1+ is
/etc/pam.d/crond , not
/etc/pam.d/cron
Comment 7 Jason Vas Dias 2005-10-14 15:33:14 UTC 
This bug is fixed with vixie-cron-4.1-8_EL3, available from:
  http://people.redhat.com/~jvdias/cron/RHEL-3
and should be considered for inclusion in RHEL-3-U7 .
Comment 9 Red Hat Bugzilla 2006-02-21 19:08:20 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
Note You need to log in before you can comment on or make changes to this bug.