Bug 165156 - using nproc limits.conf prevents sshd from working
using nproc limits.conf prevents sshd from working
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
3
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-04 15:02 EDT by d. johnson
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-05 08:13:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description d. johnson 2005-08-04 15:02:22 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

Description of problem:
If you use a soft nproc limit via pam_limits, ssh is unable to log users in.


Version-Release number of selected component (if applicable):
pam-0.77-66.2 openssh-3.9p1-8.0.2

How reproducible:
Always

Steps to Reproduce:
1. Add these two lines to /etc/security/limits.conf on ssh host.
* soft nproc 100
* hard nproc 150

2. Attempt to ssh in to the host.

3. Profit!
  

Actual Results:  The following message appears in /var/log/secure:

sshd[21872]: Accepted password for user from 192.168.1.1 port 56193 ssh2
sshd[21875]: fatal: setresuid 500: Resource temporarily unavailable


Expected Results:  Shell prompt.

Additional info:

If you comment out just the soft nproc line, sshd works normally.

Additionally, if you set hard nproc limit of 100, sshd still works normally.
Comment 1 Tomas Mraz 2005-08-05 08:13:56 EDT
Hmmm but either this user already had 100 processes or the kernel you have on
this machine is seriously broken.

I've tried it here on FC3 machine with the release kernel and the latest updated
one and I haven't seen a problem.

Note You need to log in before you can comment on or make changes to this bug.