[Bug 83] New: fork() fails when there are PAM limits set
Matthew Vernon
matthew at debian.org
Thu Jan 31 20:54:36 EST 2002
bugzilla-daemon at mindrot.org writes:
> The problem is, when you set some resource limits in /etc/security/limits.conf
> for group X - nproc 20 ( maximum of running user processes - 20 ), and try to
> log with some user with group X, sshd says 'fork failed - resource temporary
> unavialable'. There are no other processes running for this user, and as far as
> i've seen, it makes something like authenticate-set limits-fork()-setuid() , and
> because there is a moment when it's running under root with really lowered
> limits, it bombs out.
> Any solutions?
My understanding of this is that it's a result of a fundamental
mis-design of PAM - you have to do the entire PAM conversation in one
go (as root), so this sort of PAM-based limiting is always going to be
prone to this sort of error.
Matthew
--
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org
More information about the openssh-unix-dev
mailing list