Bug 49721 - maxlogins entry works inconsistently in limits.conf
maxlogins entry works inconsistently in limits.conf
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-23 11:25 EDT by js
Modified: 2007-04-18 12:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-20 03:36:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
pam_limits maxlogins fix (869 bytes, patch)
2001-11-29 05:20 EST, Need Real Name
no flags Details | Diff

  None (edit)
Description js 2001-07-23 11:25:14 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.5-getrewted i686; en-US;
rv:0.9.1) Gecko/20010607

Description of problem:
when I write 'user - maxlogins 0' to limits.conf, user cannot log in (but
just the 'session opened for...' message appears in syslog). But when I
write 'user - maxlogins 1', user can log in two sessions simultaniously.

How reproducible:
Always

Steps to Reproduce:
1.cp /etc/security/limits.conf /etc/security/limits.conf.orig
2.add user for example 'foobar' with no passwd
3.echo 'foobar - maxlogins 0' > /etc/security/limits.conf
4.ssh foobar@localhost (or any other login test like telnet or getty login)
5.steps 3&4 with 'foobar - maxlogins 1'
6.cp /etc/security/limits.conf.orig /etc/security/limits.conf
7.deluser foobar
	

Additional info:
Comment 1 Nalin Dahyabhai 2001-09-05 21:36:12 EDT
Most of how pam_limits deals with limits for groups needs reworking -- currently
the results are not correct when limits are specified for multiple groups to
which a user belongs, and this might require major restructuring of the
pam_limits sources to achieve.
Comment 2 Need Real Name 2001-11-28 10:56:23 EST
The following patch fixes the 'maxlogins' per user off-by-one error.

--- pam_limits.c.orig	Wed Nov 28 19:37:35 2001
+++ pam_limits.c	Wed Nov 28 19:44:24 2001
@@ -185,7 +185,7 @@
             break;
     }
     endutent();
-    if (count > limit) {
+    if (count >= limit) {
 	if (name) {
 	    _pam_log(LOG_WARNING, "Too many logins (max %d) for %s", limit,
 
	     name);
@@ -193,6 +193,9 @@
 	    _pam_log(LOG_WARNING, "Too many system logins (max %d)", limit);
 	}
         return LOGIN_ERR;
+    } else {
+
    _pam_log(LOG_DEBUG, "Current logins: %d", count);
+
    _pam_log(LOG_DEBUG, "Maximum logins: %d", limit);
     }
     return 0;
 }
Comment 3 Need Real Name 2001-11-29 05:20:06 EST
Created attachment 39024 [details]
pam_limits maxlogins fix

Note You need to log in before you can comment on or make changes to this bug.