On May 5, 2014, at 1:14 PM, Stephen Harris <lists@xxxxxxxxxx> wrote:
> On Mon, May 05, 2014 at 12:44:01PM -0600, Nathan Duehr wrote:
>> Not processes started that change to a non-root user from a root/init/rc
>> script. No session. At least not from what I was seeing in 5.10.
>> Intended or not, it wasn't behaving like PAM was ever involved. :-)
>
> If you're doing it as "su user" then pam.d/su is called which calls
> system-auth which calls pam_limits. If you're doing it as "runuser"
> then pam.d/runuser is called which directly calls pam_limits
>
> If your program just does setreuid() calls (which it can do if started as
> root, or is setuid) then it's not going near PAM and so will inherit
> the kernel defaults (if started by init) or the user current values
> (if started by a user).
Yup... guess which one Asterisk did back in 1.4 ? :-)
(Yeah it's ancient... [insert usual operational excuses here].)
--
Nate Duehr
denverpilot@xxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
