From Bugzilla Helper: User-Agent: Mozilla/4.7 [en] (WinNT; I) Description of problem: We added these lines to /etc/security/limits : * soft nofile 1700 * hard nofile 4096 And this one to /etc/pam.d/rexec : session required /lib/security/pam_limits.so However processes started by rexec do not use the new limits. For example "rexec -l user -p passwd localhost ulimit -a" still prints 1024 as the number of open files. When doing rsh of ulimits -a I can see that open files is set to 1700 However when doing rexec open files is set to 1024. I have taken traces of both commands and I now can see why. rshd does reads /etc/security/limits.conf and set the limis accordingly while rexecd does not it just set limits to default. Here is the proof. This is a trace of rshd , I just grep for limits here. and as we can see it reads /etc/security/limits.conf 1916 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0 1916 open("/lib/security/pam_limits.so", O_RDONLY) = 5 1916 getrlimit(0, 0xbffdd960) = 0 1916 getrlimit(0x1, 0xbffdd970) = 0 1916 getrlimit(0x2, 0xbffdd980) = 0 1916 getrlimit(0x3, 0xbffdd990) = 0 1916 getrlimit(0x4, 0xbffdd9a0) = 0 1916 getrlimit(0x5, 0xbffdd9b0) = 0 1916 getrlimit(0x6, 0xbffdd9c0) = 0 1916 getrlimit(0x7, 0xbffdd9d0) = 0 1916 getrlimit(0x8, 0xbffdd9e0) = 0 1916 getrlimit(0x9, 0xbffdd9f0) = 0 1916 getrlimit(0xa, 0xbffdda00) = 0 1916 open("//etc/security/limits.conf", O_RDONLY) = 4 1916 read(4, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 1396 1916 setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_NPROC, {rlim_cur=10238, rlim_max=10238}) = 0 1916 setrlimit(RLIMIT_NOFILE, {rlim_cur=1700, rlim_max=4*1024}) = 0 1916 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1916 setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0 1918 getrlimit(0x7, 0xbffdfb90) = 0 1918 execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0 1918 getrlimit(0x4, 0xbffffbf0) = 0 1918 getrlimit(0x2, 0xbffffbf0) = 0 1918 getrlimit(0x1, 0xbffffbf0) = 0 1918 getrlimit(0x8, 0xbffffbf0) = 0 1918 getrlimit(0x5, 0xbffffbf0) = 0 1918 getrlimit(0x7, 0xbffffbf0) = 0 1918 getrlimit(0x3, 0xbffffbf0) = 0 1918 getrlimit(0, 0xbffffbf0) = 0 1918 getrlimit(0x6, 0xbffffbf0) = 0 1918 getrlimit(0x9, 0xbffffbf0) = 0 Here is a trace of rexecd and I grep for limit. As we can see /etc/security/limits.conf values are not reset. 1678 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0 1678 open("/lib/security/pam_limits.so", O_RDONLY) = 6 1678 getrlimit(0x7, 0xbffdfbb0) = 0 1678 execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0 1678 getrlimit(0x4, 0xbffffbf0) = 0 1678 getrlimit(0x2, 0xbffffbf0) = 0 1678 getrlimit(0x1, 0xbffffbf0) = 0 1678 getrlimit(0x8, 0xbffffbf0) = 0 1678 getrlimit(0x5, 0xbffffbf0) = 0 1678 getrlimit(0x7, 0xbffffbf0) = 0 1678 getrlimit(0x3, 0xbffffbf0) = 0 1678 getrlimit(0, 0xbffffbf0) = 0 1678 getrlimit(0x6, 0xbffffbf0) = 0 1678 getrlimit(0x9, 0xbffffbf0) = 0 Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. change the nofiles limits in /etc/security/limits 2.change /etc/pam.d/rexec to have pam limits 3.rexec -l user -p passwd localhost ulimit -a stills print the default limits not the ones we just set up. Additional info:
The problem is that the rexecd doesn't call pam_open_session where the limits are applied as rshd calls.
Fixed in devel branch rsh-0.17-25 [FC-4].