Red Hat Bugzilla – Bug 79517
limits.conf does not have any effect in a shell that was opened by logging in with ssh
Last modified: 2015-01-07 19:02:16 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; UiuqmHmqouVilORJ)
Description of problem:
My /etc/security/limits.conf looks like this:
## Start /etc/security/limits.conf
foo soft nofile 16384
* soft nofile 1024
* hard nofile 16384
So `ulimit -n` should output "1024" for every user except for foo.
I was working with RedHat7.3 and this was doing fine.
Now I installed RedHat8.0 and the following problem occures:
When I log in locally everything works as intended.
But when I remotely log in with ssh as user foo, `ulimit -n` outputs "1024" and
not "16384" as expected.
Ant not only ulimit outputs the wrong numbers, the processes I start as user
foo are really only allowed to open 1024 files at the same time.
A workaround I found was enabling the "UseLogin" Option
in /etc/ssh/sshd_config. -> (UseLogin yes)
But with RH7.3 it worked without this option set.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Install RedHat8.0 with sshd and latest updates
2.Enter the example value in /etc/security/limits.conf
3.Log in with ssh as user foo.
Actual Results: The processes of user foo in a ssh-shell were only able to
open 1024 files at a time.
Expected Results: The processes of user foo in a ssh-shell should be able to
open more than 1024 files at a time.
Linux Foocomp 2.4.18-18.8.0smp #1 SMP Wed Nov 13 23:11:20 EST 2002 i686 athlon
i had exactly this problem myself. pam_limits was not working, in the same way,
on redhat 8.0, while it did work on redhat 7.3.
FWIW one thing i noticed was that if i set a user's limit LOWER than the
default, eg "nofile 100", it DID get applied when the user logged in via ssh.
but i could not INCREASE the limit, which is what i needed to do. (so i'd guess
it's some kind of privilege issue??)
thx for including that workaround ("UseLogin yes" in sshd_config). it was an
effective workaround for me too.
I see the same issue on RH 9
UseLogin does not appear to be an effective workaround in my environment because
it is incompatible with X11Forwarding (see man sshd_config).
I don't se the problem with current pam and openssh as of Fedora Core 2.