Re: [Vserver] pam rlimits

From: Nikolay Kichukov <hijacker_at_oldum.net>
Date: Sat 01 Jul 2006 - 11:30:07 BST
Message-Id: <1151749807.3085.1.camel@ccja.localhost>

Thanks Ben,
That solves the error reporting. Are those limits only set outside of
the guest and do they not apply per guest basis?

Thanks,
-Nik

On Thu, 2006-06-15 at 11:08 -0400, Benoît des Ligneris wrote:
> Hello,
>
> Quick and dirty solution : you can edit the
> files that refer to pam_limits.so in your /etc/pam.d/
>
> Generally, system-auth is concerned. You simply have to comment the line
> that refers to pam_limits
> #session required pam_limits.so
>
>
> The cause of the problem is that pam_limits try to set limits that are
> already sets _outside_ of the guest.
>
> If you want to play with the limits sets, you can modifiy
> /etc/security/limits.conf of the guest...
>
> [ All this was tested on a Mandriva guest but it sould be similar for
> other systems ]
>
> Ben
>
>
> Nikolay Kichukov a écrit :
> > Hello everybody,
> > I found out in thread
> > http://list.linux-vserver.org/archive/vserver/msg10043.html that
> > Thorsten Gunkel was having the same issue I experience right now with
> > pam limits generating a lot of error output in the auth.log file on the
> > guest.
> >
> > /var/log/auth.log :
> >
> > snip...
> > Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root
> > Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for user
> > venkas by (uid=0)
> > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for user
> > venkas by (uid=0)
> > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for user
> > venkas by (uid=0)
> > Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for user
> > psycho by (uid=0)
> > Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for user
> > o2crew by (uid=0)
> > Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for user
> > o2crew by (uid=0)
> > Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for user
> > o2crew by (uid=0)
> > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas
> > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas
> > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #11 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #12 to soft=-1,
> > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > snip...
> >
> >
> > I am running:
> > Versions:
> > Kernel: 2.6.16.11-vs2.1.1-rc19nevir
> > VS-API: 0x000100ff
> > util-vserver: 0.30.210; Jun 8 2006, 11:16:27
> >
> > Features:
> > CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1)
> > CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1)
> > CPPFLAGS: ''
> > CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
> > -funit-at-a-time'
> > CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
> > -fmessage-length=0 -funit-at-a-time'
> > build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
> > Use dietlibc: yes
> > Build C++ programs: yes
> > Build C99 programs: yes
> > Available APIs: compat,v11,fscompat,v13,net,oldproc,olduts
> > ext2fs Source: e2fsprogs
> > syscall(2) invocation: alternative
> > vserver(2) syscall#: 273/glibc
> >
> > Paths:
> > prefix: /usr/local
> > sysconf-Directory: /etc
> > cfg-Directory: /etc/vservers
> > initrd-Directory: $(sysconfdir)/init.d
> > pkgstate-Directory: ${prefix}/var/run/vservers
> > vserver-Rootdir: /var/lib/vservers/
> >
> >
> > How can this problem be solved?
> >
> > Regards,
> > -Nikolay Kichukov
> > _______________________________________________
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
>

-- 
Когато сме щастливи, сме добри.
Но когато сме добри, не винаги сме щастливи...
-Оскар Уайлд
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat Jul 1 11:30:51 2006
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 01 Jul 2006 - 11:30:57 BST by hypermail 2.1.8