Re: [Vserver] pam rlimits

From: Benoît des Ligneris <Benoit.des.Ligneris_at_revolutionlinux.com>
Date: Thu 15 Jun 2006 - 16:08:55 BST
Message-id: <44917807.3010708@revolutionlinux.com>

Hello,

Quick and dirty solution: you can edit the
files that refer to pam_limits.so in your /etc/pam.d/

Generally, system-auth is concerned. You simply have to comment out the line
that refers to pam_limits:
#session required pam_limits.so

The cause of the problem is that pam_limits tries to set limits that are
already set _outside_ of the guest.

If you want to play with the limits set, you can modify
/etc/security/limits.conf of the guest...

[ All this was tested on a Mandriva guest but it should be similar for
other systems ]

Ben

Nikolay Kichukov wrote:
> Hello everybody,
> I found out in thread
> http://list.linux-vserver.org/archive/vserver/msg10043.html that
> Thorsten Gunkel was having the same issue I experience right now with
> pam limits generating a lot of error output in the auth.log file on the
> guest.
>
> /var/log/auth.log :
>
> snip...
> Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root
> Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for user
> venkas by (uid=0)
> Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for user
> venkas by (uid=0)
> Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for user
> venkas by (uid=0)
> Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for user
> psycho by (uid=0)
> Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for user
> o2crew by (uid=0)
> Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for user
> o2crew by (uid=0)
> Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for user
> o2crew by (uid=0)
> Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas
> Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas
> Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #11 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #12 to soft=-1,
> hard=-1 failed: Operation not permitted; uid=0 euid=0
> snip...
>
>
> I am running:
> Versions:
> Kernel: 2.6.16.11-vs2.1.1-rc19nevir
> VS-API: 0x000100ff
> util-vserver: 0.30.210; Jun 8 2006, 11:16:27
>
> Features:
> CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1)
> CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1)
> CPPFLAGS: ''
> CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
> -funit-at-a-time'
> CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
> -fmessage-length=0 -funit-at-a-time'
> build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
> Use dietlibc: yes
> Build C++ programs: yes
> Build C99 programs: yes
> Available APIs: compat,v11,fscompat,v13,net,oldproc,olduts
> ext2fs Source: e2fsprogs
> syscall(2) invocation: alternative
> vserver(2) syscall#: 273/glibc
>
> Paths:
> prefix: /usr/local
> sysconf-Directory: /etc
> cfg-Directory: /etc/vservers
> initrd-Directory: $(sysconfdir)/init.d
> pkgstate-Directory: ${prefix}/var/run/vservers
> vserver-Rootdir: /var/lib/vservers/
>
>
> How can this problem be solved?
>
> Regards,
> -Nikolay Kichukov
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

-- 
Benoit des Ligneris Ph. D.
President of Revolution Linux            http://www.revolutionlinux.com/
OSCAR                                 http://oscar.openclustergroup.org/
EduLinux                                        http://www.edulinux.org/
Any views and opinions expressed in this email are solely those of the
author and do not necessarily represent those of Revolution Linux
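
Added example, not part of the original message: a shell helper that counts the pam_limits setrlimit failures in an auth.log by limit number, names the matching limits.conf item, and lists the PAM files where pam_limits.so is still active. The function names and sample log lines are constructed, and the number-to-item mapping assumes the generic Linux resource numbering (as on the i686 build quoted above).

```shell
#!/bin/sh
# Map a kernel resource number to its limits.conf item name
# (assumption: generic Linux numbering, asm-generic/resource.h).
rlimit_item() {
    case "$1" in
        0) echo cpu ;;       1) echo fsize ;;   2) echo data ;;
        3) echo stack ;;     4) echo core ;;    5) echo rss ;;
        6) echo nproc ;;     7) echo nofile ;;  8) echo memlock ;;
        9) echo as ;;        10) echo locks ;;  11) echo sigpending ;;
        12) echo msgqueue ;; 13) echo nice ;;   14) echo rtprio ;;
        *) echo unknown ;;
    esac
}

# Read syslog text on stdin; print "count #number item" per failing limit.
summarise_failures() {
    sed -n 's/.*pam_limits\[[0-9]*\]: setrlimit limit #\([0-9][0-9]*\) .*/\1/p' |
        sort -n | uniq -c |
        while read -r count num; do
            echo "$count #$num $(rlimit_item "$num")"
        done
}

# List uncommented pam_limits.so lines under a PAM directory (e.g. /etc/pam.d).
active_pam_limits() {
    grep -rnE '^[[:space:]]*[^#[:space:]].*pam_limits\.so' "$1" 2>/dev/null
}

# Constructed sample input, modelled on the log format quoted in the thread.
sample_log() {
    cat <<'EOF'
Jun 15 14:10:01 guest pam_limits[101]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Jun 15 14:10:01 guest pam_limits[101]: setrlimit limit #8 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Jun 15 14:10:01 guest CRON[102]: (pam_unix) session opened for user alice by (uid=0)
Jun 15 14:10:01 guest pam_limits[102]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Jun 15 14:10:01 guest pam_limits[102]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
EOF
}

# Demo on the constructed sample; on a guest, feed /var/log/auth.log instead.
sample_log | summarise_failures
```

The item names it prints (nproc, memlock, sigpending, msgqueue for the numbers seen in this thread) are the ones to look for in the guest's /etc/security/limits.conf.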
Received on Thu Jun 15 16:08:25 2006