Bug 190456 – limits.conf ignored by ssh pam logins

Bug 190456 - limits.conf ignored by ssh pam logins

Summary:	limits.conf ignored by ssh pam logins

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	pam (Show other bugs)
Sub Component:
Version:	4.0
Hardware:	x86_64 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Tomas Mraz
QA Contact:	Jay Turner
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-05-02 11:38 EDT by Timothy Stotts
Modified:	2015-01-07 19:12 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-05-03 02:42:58 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
File from /etc/ssh/sshd_config (1.46 KB, text/plain) 2006-05-02 18:37 EDT, Timothy Stotts	no flags	Details
File from /etc/pam.d/sshd . (317 bytes, text/plain) 2006-05-02 18:38 EDT, Timothy Stotts	no flags	Details
File from /etc/security/limits.conf (1.56 KB, text/plain) 2006-05-02 18:40 EDT, Timothy Stotts	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Timothy Stotts 2006-05-02 11:38:14 EDT

All pam authentication ignores the limits.conf settings, whether ssh or physical
login.


Version-Release number of selected component (if applicable):
pam-0.77-66.13 (/lib and /lib64 binaries)

How reproducible:
Configure /etc/security/limits.conf.  Login via any method.  Notice that the
limits are not applied by running 'ulimit -a'.  Notice that contents of
/etc/pam.d/system-auth and other /etc/pam.d/ files are correct, and require
limits modules.

Steps to Reproduce:
1. configure /etc/security/limits.conf to limit RSS memory to any value for group
users
2. create group users; create a user and added to group 'users'
3. login with new user
4. look at ulimit -a, that RSS memory is unlimited
  
Actual results:
no limits are applied, not RSS nor no. procs., or any other limit

Expected results:
limits to apply in same fashion as RHE3

Additional info:

Comment 1 Tomas Mraz 2006-05-02 12:16:18 EDT

Could you try to upgrade to the latest pam package available? (0.77-66.14)

And if it doesn't help could you attach your /etc/security/limits.conf here?

Comment 2 Timothy Stotts 2006-05-02 18:35:04 EDT

Updated to pam-0.77-66.14 .

Overwrote configs with .rpmnew for all of /etc/pam.d/ and /etc/security/ .

CASE 1:
   /bin/su - user
   limits are applied just as expected.

CASE 2:
   ssh user@localhost
   limits are not applied

Comment 3 Timothy Stotts 2006-05-02 18:37:27 EDT

Created attachment 128523 [details]
File from /etc/ssh/sshd_config

This config works fine with limits on RHEL3 .

Comment 4 Timothy Stotts 2006-05-02 18:38:59 EDT

Created attachment 128524 [details]
File from /etc/pam.d/sshd .

Comes with openssh-3.9p1-8.RHEL4.9 .

Comment 5 Timothy Stotts 2006-05-02 18:40:32 EDT

Created attachment 128525 [details]
File from /etc/security/limits.conf

Each limit applies perfectly when using '/bin/su - user', but not via ssh.
Console login behavior, unknown.

Comment 6 Timothy Stotts 2006-05-02 18:57:37 EDT

Updated to openssh-3.9p1-8.RHEL4.12 and restarted service.  No difference.

Comment 7 Timothy Stotts 2006-05-02 19:06:37 EDT

Added explicit 'UsePAM yes' to /etc/ssh/sshd_config.
Limits are now applied correctly.

Apparently, PAM authentication was default on RHEL3, but is not on RHEL4.  
Used a Gentoo box to figure this out :-).

Comment 8 Tomas Mraz 2006-05-03 02:42:58 EDT

NOTABUG as 'UsePAM yes' is in the default sshd_config in the openssh package.
After upgrade you must compare the .rpmnew file and the old one and make
appropriate changes.

Note You need to log in before you can comment on or make changes to this bug.