On Mon, Jul 07, Nalin Dahyabhai wrote:

> Consider pam_limits, which to work properly must be called to open a
> session after privileges have been dropped (else certain limits such as
> that on the number of running processes prevent applications like sshd
> from even forking to start a shell on behalf of the user). IIRC, this
> is the specific reason that OpenSSH has flipflopped on this particular
> question before [1].

This is incorrect. pam_limits does not work after privileges have been
dropped (no Bugzilla ID, because our Bugzilla is not publicly accessible
to everybody), and this is the reason why we revert most of these changes.

There are limits which you can only modify as root, and others which
should only be set as the user.

In this special case I think this is a pam_limits problem and cannot be
fixed in the application itself by dropping privileges too early.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/      kukuk@xxxxxxx
SuSE Linux AG        Deutschherrnstr. 15-19       D-90429 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
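The kernel rule behind "limits which you can only modify as root", as an added example that is not part of the original message or of pam_limits: on Linux any process may lower a hard resource limit with setrlimit(), but raising one requires CAP_SYS_RESOURCE and otherwise fails with EPERM. The function and enum names are hypothetical, and RLIMIT_NOFILE is chosen only because it is safe to probe in a throwaway child.

```c
/* Added illustration (not from the thread): the Linux hard-limit rule. */
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { RAISE_DENIED = 0, RAISE_ALLOWED = 1, PROBE_ERROR = 2 };

/* Runs in a throwaway child so the caller's own limits stay untouched. */
static int probe_in_child(void) {
    struct rlimit lim;
    if (getrlimit(RLIMIT_NOFILE, &lim) != 0 || lim.rlim_max < 2)
        return PROBE_ERROR;
    rlim_t original_hard = lim.rlim_max;

    /* Lowering the hard limit is allowed for any process. */
    lim.rlim_max = original_hard - 1;
    if (lim.rlim_cur > lim.rlim_max)
        lim.rlim_cur = lim.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &lim) != 0)
        return PROBE_ERROR;

    /* Raising it back needs CAP_SYS_RESOURCE; without it the call gets EPERM. */
    lim.rlim_max = original_hard;
    if (setrlimit(RLIMIT_NOFILE, &lim) == 0)
        return RAISE_ALLOWED;
    return errno == EPERM ? RAISE_DENIED : PROBE_ERROR;
}

/* Forks, probes in the child, and reports the outcome to the parent. */
int hard_limit_raise_outcome(void) {
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) _exit(probe_in_child());
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return PROBE_ERROR;
    return WEXITSTATUS(status);
}

int main(void) {
    int r = hard_limit_raise_outcome();
    printf("euid=%d raise hard RLIMIT_NOFILE: %s\n", (int)geteuid(),
           r == RAISE_ALLOWED ? "allowed" : r == RAISE_DENIED ? "EPERM" : "probe error");
    return r == PROBE_ERROR;
}
```

Run once as root and once as an ordinary user to compare the two outcomes; a session module that needs to raise hard limits is in the second position once the application has already switched to the user's UID.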