ssh sulks when pam_limits is used?
Peter Popovec
popovec at zub.fei.tuke.sk
Fri Jan 4 12:09:51 CET 2002
Hello,
I have a problem using pam_limits with ssh logins; it concerns the
limit on the number of running processes (I have a workaround via ulimit,
but I don't like it). Searching on Google turned up a similar question, but
no solution (maybe I am searching badly).
So, specifically:
/etc/pam.d/ssh has pam_limits configured (as do login etc.):
session required pam_limits.so
Say we set a limit on the number of processes for some user:
/etc/security/limits.conf
guest1000 hard nproc 20
The problem appears when this user tries to log in via ssh:
------------
% ssh komp1 -l guest1000
guest1000 na komp1's password:
Received disconnect from 10.10.10.10: 2: fork failed: Resource temporarily
unavailable
%
------------
(Of course, this user has _not_ exceeded the process count, i.e. nothing of
his is running on the target machine at that time.)
strace of the sshd process on the target machine, just the part that is
perhaps interesting:
------------
setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_NPROC, {rlim_cur=20, rlim_max=20}) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setpriority(PRIO_PROCESS, 0, 0) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 9
connect(9, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
write(9, "\2\0\0\0\0\0\0\0\7\0\0\0", 12) = 12
write(9, "guest1000\0", 7) = 7
read(9, "\310\331\26@\1\0\0\0\7\0\0\0\2\0\0\0am\0\0am\0\0\4\0\0"..., 36) =
36
read(9, "guest1000\0x\0,,,\0/home/guest/guest1000\0"..., 42) = 42
close(9) = 0
stat64("/home/guest/guest1000", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fork() = -1 EAGAIN (Resource temporarily unavailable)
------------------
When I log in as a user without a limit (as far as I can see, the only
difference really is the line
setrlimit(RLIMIT_NPROC, {rlim_cur=256, rlim_max=RLIM_INFINITY}) = 0
):
------------------
setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_NPROC, {rlim_cur=256, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
setrlimit(RLIMIT_MEMLOCK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_AS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(0xa /* RLIMIT_??? */, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setpriority(PRIO_PROCESS, 0, 0) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 9
connect(9, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
write(9, "\2\0\0\0\0\0\0\0\10\0\0\0", 12) = 12
write(9, "popovec\0", 8) = 8
read(9, "P\332\26@\1\0\0\0\10\0\0\0\2\0\0\0\26\r\0\0d\0\0\0\16\0"..., 36) = 36
read(9, "popovec\0x\0Peter Popovec\0/home/za"..., 54) = 54
close(9) = 0
stat64("/home/zamest/popovec", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fork() = 26490
------------
It makes no difference whether I authenticate the user via pam_unix or
pam_ldap etc.
While searching on Google I found a similar problem, where someone advised
allowing at least 33 processes (for me not even 64 helped ...).
System: Debian sid, ssh 3.0.1p1-1.2, kernel 2.4.12 and also 2.4.17.
Should I look for the problem in PAM? sshd? The kernel?
Peter Popovec
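
An added example, not part of the original post: a small Python helper that replays strace excerpts like the two above and records which RLIMIT_NPROC values were in force each time fork() ran, so a failing and a working login can be compared side by side. The sample traces are shortened copies of the post's output, and the names `parse_value` and `fork_report` are made up for this illustration; it shows the correlation only, not the root cause.

```python
import re

# Constructed samples: lines shortened from the two strace excerpts in the post.
FAILING = """\
setrlimit(RLIMIT_NPROC, {rlim_cur=20, rlim_max=20}) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
setpriority(PRIO_PROCESS, 0, 0) = 0
fork() = -1 EAGAIN (Resource temporarily unavailable)
"""
WORKING = """\
setrlimit(RLIMIT_NPROC, {rlim_cur=256, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
fork() = 26490
"""

SETRLIMIT = re.compile(r"setrlimit\((\w+), \{rlim_cur=([^,]+), rlim_max=([^}]+)\}\) = 0")
FORK = re.compile(r"\b(?:fork|vfork|clone)\(.*?\) = (-?\d+)(?: (E\w+))?")

def parse_value(text):
    """Turn '20', '8192*1024' or 'RLIM_INFINITY' into an int, or None for unlimited."""
    if text == "RLIM_INFINITY":
        return None
    product = 1
    for factor in text.split("*"):
        product *= int(factor)
    return product

def fork_report(trace):
    """Replay a trace; for every fork, record the NPROC limits set before it."""
    limits, report = {}, []
    for line in trace.splitlines():
        m = SETRLIMIT.search(line)
        if m:  # remember the most recent successful setrlimit per resource
            limits[m.group(1)] = (parse_value(m.group(2)), parse_value(m.group(3)))
            continue
        m = FORK.search(line)
        if m:
            soft, hard = limits.get("RLIMIT_NPROC", (None, None))
            report.append({
                "ok": int(m.group(1)) >= 0,
                "errno": m.group(2),
                "nproc_soft": soft,
                "nproc_hard": hard,
                # EAGAIN from fork while a finite soft limit is set points at RLIMIT_NPROC
                "nproc_suspect": m.group(2) == "EAGAIN" and soft is not None,
            })
    return report

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, fork_report(trace))
```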