Bug 68590 - FC: rexecd does not set limits on /etc/security/limits
FC: rexecd does not set limits on /etc/security/limits
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rsh (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Karel Zak
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-07-11 10:21 EDT by Eddie Quinteros
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-28 02:36:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eddie Quinteros 2002-07-11 10:21:22 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (WinNT; I)

Description of problem:
We added these lines to /etc/security/limits :
 *       soft    nofile  1700
 *       hard    nofile  4096

 And this one to /etc/pam.d/rexec :
 session required /lib/security/pam_limits.so

 However processes started by rexec do not use the new limits.
 For example "rexec -l user -p passwd localhost ulimit -a" still prints 
 1024 as the number of open files.

When doing rsh of ulimits -a  I can see that open files is set to 1700
 However when doing rexec open files is set to 1024.

 I have taken traces of both commands and I now can see why.
 rshd does reads /etc/security/limits.conf and set the limis accordingly
 while rexecd does not it just set limits to default.

 Here is the proof.

 This is a trace of rshd , I just grep for limits here.
 and as we can see it reads /etc/security/limits.conf

 1916  setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
 1916  open("/lib/security/pam_limits.so", O_RDONLY) = 5
 1916  getrlimit(0, 0xbffdd960)          = 0
 1916  getrlimit(0x1, 0xbffdd970)        = 0
 1916  getrlimit(0x2, 0xbffdd980)        = 0
 1916  getrlimit(0x3, 0xbffdd990)        = 0
 1916  getrlimit(0x4, 0xbffdd9a0)        = 0
 1916  getrlimit(0x5, 0xbffdd9b0)        = 0
 1916  getrlimit(0x6, 0xbffdd9c0)        = 0
 1916  getrlimit(0x7, 0xbffdd9d0)        = 0
 1916  getrlimit(0x8, 0xbffdd9e0)        = 0
 1916  getrlimit(0x9, 0xbffdd9f0)        = 0
 1916  getrlimit(0xa, 0xbffdda00)        = 0
 1916  open("//etc/security/limits.conf", O_RDONLY) = 4
 1916  read(4, "# /etc/security/limits.conf\n#\n#E"..., 4096) = 1396
 1916  setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) 
 = 0
 1916  setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 
 0
 1916  setrlimit(RLIMIT_NPROC, {rlim_cur=10238, rlim_max=10238}) = 0
 1916  setrlimit(RLIMIT_NOFILE, {rlim_cur=1700, rlim_max=4*1024}) = 0
 1916  setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, 
 rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
 1916  setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, 
 rlim_max=RLIM_INFINITY}) = 0
 1918  getrlimit(0x7, 0xbffdfb90)        = 0
 1918  execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
 1918  getrlimit(0x4, 0xbffffbf0)        = 0
 1918  getrlimit(0x2, 0xbffffbf0)        = 0
 1918  getrlimit(0x1, 0xbffffbf0)        = 0
 1918  getrlimit(0x8, 0xbffffbf0)        = 0
 1918  getrlimit(0x5, 0xbffffbf0)        = 0
 1918  getrlimit(0x7, 0xbffffbf0)        = 0
 1918  getrlimit(0x3, 0xbffffbf0)        = 0
 1918  getrlimit(0, 0xbffffbf0)          = 0
 1918  getrlimit(0x6, 0xbffffbf0)        = 0
 1918  getrlimit(0x9, 0xbffffbf0)        = 0

 Here is a trace of rexecd and I grep for limit. As we can see
 /etc/security/limits.conf values are not reset.

 1678  setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
 1678  open("/lib/security/pam_limits.so", O_RDONLY) = 6
 1678  getrlimit(0x7, 0xbffdfbb0)        = 0
 1678  execve("/bin/bash", ["bash", "-c", "ulimit -a"], [/* 4 vars */]) = 0
 1678  getrlimit(0x4, 0xbffffbf0)        = 0
 1678  getrlimit(0x2, 0xbffffbf0)        = 0
 1678  getrlimit(0x1, 0xbffffbf0)        = 0
 1678  getrlimit(0x8, 0xbffffbf0)        = 0
 1678  getrlimit(0x5, 0xbffffbf0)        = 0
 1678  getrlimit(0x7, 0xbffffbf0)        = 0
 1678  getrlimit(0x3, 0xbffffbf0)        = 0
 1678  getrlimit(0, 0xbffffbf0)          = 0
 1678  getrlimit(0x6, 0xbffffbf0)        = 0
 1678  getrlimit(0x9, 0xbffffbf0)        = 0

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. change the nofiles limits in /etc/security/limits
2.change /etc/pam.d/rexec to have pam limits
3.rexec -l user -p passwd localhost ulimit -a stills print the default limits not the ones we just set up.
	

Additional info:
Comment 1 Tomas Mraz 2004-11-16 08:29:51 EST
The problem is that the rexecd doesn't call pam_open_session where the
limits are applied as rshd calls.
Comment 2 Karel Zak 2004-11-17 12:47:49 EST
Fixed in devel branch rsh-0.17-25 [FC-4].

Note You need to log in before you can comment on or make changes to this bug.