Red Hat Bugzilla – Bug 190456
limits.conf ignored by ssh pam logins
Last modified: 2015-01-07 19:12:39 EST
All pam authentication ignores the limits.conf settings, whether ssh or physical
Version-Release number of selected component (if applicable):
pam-0.77-66.13 (/lib and /lib64 binaries)
Configure /etc/security/limits.conf. Login via any method. Notice that the
limits are not applied by running 'ulimit -a'. Notice that contents of
/etc/pam.d/system-auth and other /etc/pam.d/ files are correct, and require
Steps to Reproduce:
1. configure /etc/security/limits.conf to limit RSS memory to any value for group
2. create group users; create a user and added to group 'users'
3. login with new user
4. look at ulimit -a, that RSS memory is unlimited
no limits are applied, not RSS nor no. procs., or any other limit
limits to apply in same fashion as RHE3
Could you try to upgrade to the latest pam package available? (0.77-66.14)
And if it doesn't help could you attach your /etc/security/limits.conf here?
Updated to pam-0.77-66.14 .
Overwrote configs with .rpmnew for all of /etc/pam.d/ and /etc/security/ .
/bin/su - user
limits are applied just as expected.
limits are not applied
Created attachment 128523 [details]
File from /etc/ssh/sshd_config
This config works fine with limits on RHEL3 .
Created attachment 128524 [details]
File from /etc/pam.d/sshd .
Comes with openssh-3.9p1-8.RHEL4.9 .
Created attachment 128525 [details]
File from /etc/security/limits.conf
Each limit applies perfectly when using '/bin/su - user', but not via ssh.
Console login behavior, unknown.
Updated to openssh-3.9p1-8.RHEL4.12 and restarted service. No difference.
Added explicit 'UsePAM yes' to /etc/ssh/sshd_config.
Limits are now applied correctly.
Apparently, PAM authentication was default on RHEL3, but is not on RHEL4.
Used a Gentoo box to figure this out :-).
NOTABUG as 'UsePAM yes' is in the default sshd_config in the openssh package.
After upgrade you must compare the .rpmnew file and the old one and make