[PLUG] Re: ulimit weirdness

Wil Cooley wcooley at nakedape.cc
Thu Jan 27 23:01:05 UTC 2005


On 2005-01-27, Matt Alexander <lowbassman at gmail.com> wrote:
> I'm trying to change the max number of open files for a user (oracle).
>  This is on a RedHat ES 3 box.  I've modified /etc/security/limits.conf
> and set the soft and hard limits for "nofile" for the oracle user.  If
> I log in directly as oracle then I get:
>
> -bash: ulimit: open files: cannot modify limit: Operation not permitted
>
> However, if I "su - oracle" then the new ulimit values are set.  The
> PAM config files, system-auth and login, both contain pam_limits.so.
>
> Any ideas what's going on here?

Yes, you're trying to change them over SSH, aren't you?  What happens is that
the limits built in for your shell (forked through sshd, at least indirectly)
are already set and sshd is running with privilege separation, so by the time
you've logged in, the limits cannot be raised.  Try disabling privsep in sshd
and see if that helps.  If so, add ulimit commands to your sshd init script,
re-enable privsep, and restart sshd after doing a full su to root.

If that sounds a little muddled, it's because it is.  I ran into it a few
months ago and the details are a little fuzzy, but I'm fairly certain that
both increasing the ulimits in the init script and disabling privsep in sshd
fixed it, in different ways.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
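
The rule behind the "cannot modify limit: Operation not permitted" error in this thread, as an added example that is not part of the original messages: resource limits are inherited from the parent process, and an unprivileged process can never raise its hard limit. The function names and the sample limits.conf are constructed for illustration; the parser handles only exact-user entries (no @group or wildcard lines), and effective UID 0 stands in for CAP_SYS_RESOURCE.

```shell
#!/bin/sh
# Added diagnostic sketch; wanted_nofile and check_raise are hypothetical names.

# Print the nofile value of the given type (soft|hard) that a limits.conf
# file requests for a user. A "-" type sets both soft and hard.
# Simplification: the last matching exact-user line is taken.
wanted_nofile() {  # usage: wanted_nofile FILE USER soft|hard
    awk -v user="$2" -v kind="$3" '
        { sub(/#.*/, "") }   # strip comments; awk re-splits the fields
        NF == 4 && $1 == user && $3 == "nofile" &&
            ($2 == kind || $2 == "-") { v = $4 }
        END { if (v != "") print v }
    ' "$1"
}

# setrlimit rule: without privilege a process may lower its hard limit or
# move its soft limit up to the hard limit, but may not raise the hard limit.
# Prints "ok" or "EPERM".
check_raise() {  # usage: check_raise INHERITED_HARD WANTED_HARD EUID
    inherited=$1; wanted=$2; euid=$3
    if [ "$inherited" = "unlimited" ]; then echo ok; return; fi
    if [ "$euid" -eq 0 ]; then echo ok; return; fi
    if [ "$wanted" = "unlimited" ] || [ "$wanted" -gt "$inherited" ]; then
        echo EPERM
    else
        echo ok
    fi
}

# Constructed sample input, not taken from the poster's system.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' \
    '# constructed sample limits.conf' \
    'oracle  soft  nofile  4096' \
    'oracle  hard  nofile  65536   # raised for the database' > "$sample"

want=$(wanted_nofile "$sample" oracle hard)
have=$(ulimit -H -n)
echo "limits.conf requests hard nofile=$want; this shell inherited $have"
echo "raising it as uid $(id -u): $(check_raise "$have" "$want" "$(id -u)")"
```

Run in the session that shows the error, the last line reports EPERM whenever the inherited hard limit is below the configured one and the caller is not root.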



