Bug 49721 - maxlogins entry works inconsistently in limits.conf
Summary: maxlogins entry works inconsistently in limits.conf
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-07-23 15:25 UTC by js
Modified: 2007-04-18 16:35 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-10-20 07:36:39 UTC
Embargoed:


Attachments (Terms of Use)
pam_limits maxlogins fix (869 bytes, patch)
2001-11-29 10:20 UTC, Need Real Name
no flags Details | Diff

Description js 2001-07-23 15:25:14 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.5-getrewted i686; en-US;
rv:0.9.1) Gecko/20010607

Description of problem:
when I write 'user - maxlogins 0' to limits.conf, user cannot log in (but
just the 'session opened for...' message appears in syslog). But when I
write 'user - maxlogins 1', user can log in two sessions simultaniously.

How reproducible:
Always

Steps to Reproduce:
1.cp /etc/security/limits.conf /etc/security/limits.conf.orig
2.add user for example 'foobar' with no passwd
3.echo 'foobar - maxlogins 0' > /etc/security/limits.conf
4.ssh foobar@localhost (or any other login test like telnet or getty login)
5.steps 3&4 with 'foobar - maxlogins 1'
6.cp /etc/security/limits.conf.orig /etc/security/limits.conf
7.deluser foobar
	

Additional info:

Comment 1 Nalin Dahyabhai 2001-09-06 01:36:12 UTC
Most of how pam_limits deals with limits for groups needs reworking -- currently
the results are not correct when limits are specified for multiple groups to
which a user belongs, and this might require major restructuring of the
pam_limits sources to achieve.

Comment 2 Need Real Name 2001-11-28 15:56:23 UTC
The following patch fixes the 'maxlogins' per user off-by-one error.

--- pam_limits.c.orig	Wed Nov 28 19:37:35 2001
+++ pam_limits.c	Wed Nov 28 19:44:24 2001
@@ -185,7 +185,7 @@
             break;
     }
     endutent();
-    if (count > limit) {
+    if (count >= limit) {
 	if (name) {
 	    _pam_log(LOG_WARNING, "Too many logins (max %d) for %s", limit,
 
	     name);
@@ -193,6 +193,9 @@
 	    _pam_log(LOG_WARNING, "Too many system logins (max %d)", limit);
 	}
         return LOGIN_ERR;
+    } else {
+
    _pam_log(LOG_DEBUG, "Current logins: %d", count);
+
    _pam_log(LOG_DEBUG, "Maximum logins: %d", limit);
     }
     return 0;
 }

Comment 3 Need Real Name 2001-11-29 10:20:06 UTC
Created attachment 39024 [details]
pam_limits maxlogins fix


Note You need to log in before you can comment on or make changes to this bug.