From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.5-getrewted i686; en-US; rv:0.9.1) Gecko/20010607 Description of problem: when I write 'user - maxlogins 0' to limits.conf, user cannot log in (but just the 'session opened for...' message appears in syslog). But when I write 'user - maxlogins 1', user can log in two sessions simultaniously. How reproducible: Always Steps to Reproduce: 1.cp /etc/security/limits.conf /etc/security/limits.conf.orig 2.add user for example 'foobar' with no passwd 3.echo 'foobar - maxlogins 0' > /etc/security/limits.conf 4.ssh foobar@localhost (or any other login test like telnet or getty login) 5.steps 3&4 with 'foobar - maxlogins 1' 6.cp /etc/security/limits.conf.orig /etc/security/limits.conf 7.deluser foobar Additional info:
Most of how pam_limits deals with limits for groups needs reworking -- currently the results are not correct when limits are specified for multiple groups to which a user belongs, and this might require major restructuring of the pam_limits sources to achieve.
The following patch fixes the 'maxlogins' per user off-by-one error. --- pam_limits.c.orig Wed Nov 28 19:37:35 2001 +++ pam_limits.c Wed Nov 28 19:44:24 2001 @@ -185,7 +185,7 @@ break; } endutent(); - if (count > limit) { + if (count >= limit) { if (name) { _pam_log(LOG_WARNING, "Too many logins (max %d) for %s", limit, name); @@ -193,6 +193,9 @@ _pam_log(LOG_WARNING, "Too many system logins (max %d)", limit); } return LOGIN_ERR; + } else { + _pam_log(LOG_DEBUG, "Current logins: %d", count); + _pam_log(LOG_DEBUG, "Maximum logins: %d", limit); } return 0; }
Created attachment 39024 [details] pam_limits maxlogins fix