79517 – limits.conf does not have any effect in a shell that was opened by logging in with ssh

Bug 79517 - limits.conf does not have any effect in a shell that was opened by logging in with ssh

Summary: limits.conf does not have any effect in a shell that was opened by logging i...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	pam
Sub Component:
Version:	8.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Jay Turner
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-12-12 17:17 UTC by Mathias Retzlaff
Modified:	2015-01-08 00:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-09-16 12:08:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mathias Retzlaff 2002-12-12 17:17:13 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; UiuqmHmqouVilORJ)

Description of problem:
My /etc/security/limits.conf looks like this:

## Start /etc/security/limits.conf
foo	soft    nofile   16384
*	soft    nofile    1024
*	hard    nofile   16384
## End

So `ulimit -n` should output "1024" for every user except for foo.

I was working with RedHat7.3 and this was doing fine.
Now I installed RedHat8.0 and the following problem occures:

When I log in locally everything works as intended.
But when I remotely log in with ssh as user foo, `ulimit -n` outputs "1024" and 
not "16384" as expected.

Ant not only ulimit outputs the wrong numbers, the processes I start as user 
foo are really only allowed to open 1024 files at the same time.

A workaround I found was enabling the "UseLogin" Option 
in /etc/ssh/sshd_config.   -> (UseLogin yes)

But with RH7.3 it worked without this option set.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Install RedHat8.0 with sshd and latest updates
2.Enter the example value in /etc/security/limits.conf
3.Log in with ssh as user foo.
	

Actual Results:  The processes of user foo in a ssh-shell were only able to 
open 1024 files at a time.

Expected Results:  The processes of user foo in a ssh-shell should be able to 
open more than 1024 files at a time.

Additional info:

uname -a:
Linux Foocomp 2.4.18-18.8.0smp #1 SMP Wed Nov 13 23:11:20 EST 2002 i686 athlon 
i386 GNU/Linux

Comment 1 Ed Price 2003-02-27 00:28:42 UTC

i had exactly this problem myself.  pam_limits was not working, in the same way,
 on redhat 8.0, while it did work on redhat 7.3.

FWIW one thing i noticed was that if i set a user's limit LOWER than the
default, eg "nofile 100", it DID get applied when the user logged in via ssh. 
but i could not INCREASE the limit, which is what i needed to do.  (so i'd guess
it's some kind of privilege issue??)

thx for including that workaround ("UseLogin yes" in sshd_config).  it was an
effective workaround for me too.

Comment 2 Jeffrey Siegal 2003-09-08 22:02:14 UTC

I see the same issue on RH 9

Comment 3 Jeffrey Siegal 2003-09-08 22:05:15 UTC

UseLogin does not appear to be an effective workaround in my environment because
it is incompatible with X11Forwarding (see man sshd_config).

Comment 4 Tomas Mraz 2004-09-16 12:08:58 UTC

I don't se the problem with current pam and openssh as of Fedora Core 2.

Note You need to log in before you can comment on or make changes to this bug.