All pam authentication ignores the limits.conf settings, whether ssh or physical login. Version-Release number of selected component (if applicable): pam-0.77-66.13 (/lib and /lib64 binaries) How reproducible: Configure /etc/security/limits.conf. Login via any method. Notice that the limits are not applied by running 'ulimit -a'. Notice that contents of /etc/pam.d/system-auth and other /etc/pam.d/ files are correct, and require limits modules. Steps to Reproduce: 1. configure /etc/security/limits.conf to limit RSS memory to any value for group users 2. create group users; create a user and added to group 'users' 3. login with new user 4. look at ulimit -a, that RSS memory is unlimited Actual results: no limits are applied, not RSS nor no. procs., or any other limit Expected results: limits to apply in same fashion as RHE3 Additional info:
Could you try to upgrade to the latest pam package available? (0.77-66.14) And if it doesn't help could you attach your /etc/security/limits.conf here?
Updated to pam-0.77-66.14 . Overwrote configs with .rpmnew for all of /etc/pam.d/ and /etc/security/ . CASE 1: /bin/su - user limits are applied just as expected. CASE 2: ssh user@localhost limits are not applied
Created attachment 128523 [details] File from /etc/ssh/sshd_config This config works fine with limits on RHEL3 .
Created attachment 128524 [details] File from /etc/pam.d/sshd . Comes with openssh-3.9p1-8.RHEL4.9 .
Created attachment 128525 [details] File from /etc/security/limits.conf Each limit applies perfectly when using '/bin/su - user', but not via ssh. Console login behavior, unknown.
Updated to openssh-3.9p1-8.RHEL4.12 and restarted service. No difference.
Added explicit 'UsePAM yes' to /etc/ssh/sshd_config. Limits are now applied correctly. Apparently, PAM authentication was default on RHEL3, but is not on RHEL4. Used a Gentoo box to figure this out :-).
NOTABUG as 'UsePAM yes' is in the default sshd_config in the openssh package. After upgrade you must compare the .rpmnew file and the old one and make appropriate changes.