--=-TqsuXQfFLNKpAM6Ceczj Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Well, I found a workaround if not the answer. Modify /etc/ssh/sshd_config and set 'UsePrivilegeSeparation' to no, then restart sshd. The default for UsePrivilegeSeparation is yes. My guess is that, under UsePrivilegeSeparation yes, sshd is changing the euid to the incoming user AFTER opening the PAM session - thus causing the user to get the system defaults. Maybe somebody could provide a better explanation than me? Cheers! Sean On Mon, 2004-09-13 at 16:57, centos-admin@xxxxxxxxxxx wrote: > Why can't non-uid 0 users have more than 1024 file descriptors when > logging in via ssh? >=20 > I'm trying to allow a user to have a hard limit of 8192 file > descriptors(system defaults to 1024) via the following setting in > /etc/security/limits.conf: > jdoe hard nofile 8192 >=20 > But when jdoe logs in via ssh and does 'ulimit -Hn' he gets '1024' as a > response. If he tries to set it with 'ulimit -Hn 8192' he gets an > 'Operation not permitted' error. If jdoe instead telnets to the box, he > gets the hard limit of 8192 file descriptors. >=20 > Here is what happens when I set the hard limit to 512 in limits.conf: > jdoe hard nofile 512 >=20 > When jdoe logs in via ssh, he gets a hard limit of 512 file > descriptors. The same goes for telnet. So ssh is certainly reading the > limits.conf file and applying the settings, so long as nofile <=3D 1024. >=20 > Why won't ssh allow users to have more than 1024 file descriptors??? >=20 > Many thanks! > -Sean --=20 +--------------------------------------------------------------------+ | Sean Staats Systems Administrator, Developer | Questia Media, Inc. http://www.questia.com | PGP public key: http://www.staats.us/sean/keys/qpgp.asc |"Linux - World domination. Fast." --Linus Torvalds +--------------------------------------------------------------------+ --=-TqsuXQfFLNKpAM6Ceczj Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBBRiz5J+mhQaC9R8URAsW7AJwPNDINn/2DsLyBok9BxbpDzO/JhQCfYaWp Xbs04ts2uj10DXJbMp+Vxbw= =zl7m -----END PGP SIGNATURE----- --=-TqsuXQfFLNKpAM6Ceczj--