Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 157290

Summary: vixie-cron missing pam configuration for limits
Product: Red Hat Enterprise Linux 3 Reporter: Bastien Nocera <bnocera>
Component: vixie-cronAssignee: Jason Vas Dias <jvdias>
Status: CLOSED DUPLICATE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: benl, nalin, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: vixie-cron-4.1-6_EL3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:08:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 170445    

Description Bastien Nocera 2005-05-10 09:08:40 UTC 
In the /etc/security/limits.conf file I increase, for example, the number of
open file handles allowed for a process.

# grep nofile /etc/security/limits.conf
dan        soft       nofile   10000
dan        hard      nofile   20000

In an SSH session I can verify the limits are being applied:

$ ulimit -n
10000


If, however, I setup a cron job as this user:

$ crontab -l
* * * * *  /bin/bash -c "ulimit > /tmp/ulimits.txt"

If I then look at the output the limits are not being applied

$ grep "open files" /tmp/ulimits.txt
open files              (-n)      1024


A little poking around reveals that the vixie-cron RPM is missing the PAM config
file neccessary to have session limits applied. If I create a file

# cat > /etc/pam.d/cron <<EOF
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
EOF

Restart the cron daemon

# /etc/init.d/crond restart


Then, wait for the job to run again it now picks up limits correctly

$ grep "open files" /tmp/ulimits.txt
open files              (-n) 10000

The lack of this PAM config is causing application jobs that would otherwise
work, to fail
Comment 1 Tomas Mraz 2005-05-10 12:11:48 UTC 
Nope, this doesn't fix the problem at all. It only appears so to you.
The RHEL-3 vixie-cron version 3.0.1 doesn't have a pam support at all.

The reason why your trick works is that the limits established in the bash
session where you issue /etc/init.d/crond restart apply to the crond daemon and
thus apply to the user's processes called according to the crontab.

The RHEL-4 vixie-cron has pam support implemented.
Comment 2 Jason Vas Dias 2005-05-10 12:17:36 UTC 
vixie-cron currently does not support PAM in RHEL-3 .

You can download vixie-cron-4.1-6_EL3, which does support PAM, and
which will hopefully be in RHEL-3-U6, from:
  http://people.redhat.com/~jvdias/vixie-cron/RHEL-3/
Comment 3 Jason Vas Dias 2005-05-10 12:19:45 UTC 
*** Bug 157291 has been marked as a duplicate of this bug. ***
Comment 4 Jason Vas Dias 2005-05-10 12:22:18 UTC 

*** This bug has been marked as a duplicate of 5162 ***
Comment 5 Jason Vas Dias 2005-05-10 12:24:09 UTC 
BTW, the PAM configuration file for vixie-cron-4.1+ is
/etc/pam.d/crond , not
/etc/pam.d/cron
Comment 7 Jason Vas Dias 2005-10-14 15:33:14 UTC 
This bug is fixed with vixie-cron-4.1-8_EL3, available from:
  http://people.redhat.com/~jvdias/cron/RHEL-3
and should be considered for inclusion in RHEL-3-U7 .
Comment 9 Red Hat Bugzilla 2006-02-21 19:08:20 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.