zsh-users
From: "Andrej Borsenkow" <Andrej.Borsenkow@mow.siemens.ru>
To: "Tarmo Järvi" <tarmoj@iobox.com>, <zsh-users@sunsite.auc.dk>
Subject: RE: process limit/su problem
Date: Thu, 25 Jan 2001 15:34:37 +0300
Message-ID: <001d01c086cb$2e33be80$21c9ca95@mow.siemens.ru>
In-Reply-To: <23649114.980415184798.JavaMail.wls@webwl02>


>
>
> Hello dear list,
>
> I have following lines in /etc/zshenv to prevent fork-bombing etc
> by ordinary users :
>
> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
> then
>         ulimit -H -u 64 -c 65536 -f 2097152 -n 128
> else
>         ulimit -u 2048 -c 65536 -f 4194394 -n 1024
> fi
>

Limits are inherited. Granted, this should not apply to root, but it is most
probably a kernel (or RedHat) specific problem. Put ulimit -a; id -a at the top
of your /etc/zshenv to see the actual limits and user rights.


If you have a more or less recent zsh (3.1.9 for sure) that supports the mapfile
module, you can avoid forking:

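setopt extendedglob    # the # and ## pattern operators need EXTENDED_GLOB
zmodload zsh/mapfile   # this may be "zmodload mapfile" for older versions
# Keep the line whose third field is $GID (or $UID), then strip all but the name
GNAME=${${(M)${(f@)${mapfile[/etc/group]}}:#[^:]##:[^:]#:$GID:*}%%:*}
UNAME=${${(M)${(f@)${mapfile[/etc/passwd]}}:#[^:]##:[^:]#:$UID:*}%%:*}

# Inside [[ ]] conditions are combined with &&, not -a
if [[ $GNAME = $UNAME && $UID -gt 14 ]];
 ...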

another (less daunting :-) way to do the same

while read line
do
  # Third colon-separated field is the gid, first is the group name
  if [[ ${line[(ws/:/)3]} = $GID ]]; then
    GNAME=${line[(ws/:/)1]}
    break
  fi
done < /etc/group

and the same for /etc/passwd


-andrej

> Everything works nicely except 'su root' (by few selected "power
> users"). Usually my server is running about 100 processes owned by
> root. When I'm logged in as, for example, tarmoj and do 'su root',
> I get following errors:
>
> /etc/zshenv: fork failed: resource temporarily unavailable [33]
>
> So, obviously, the process limit for user is limiting the execution
> of /etc/zshenv etc and thus (as root after 'su') I have to manually
> set higher process limit and set other variables.
>
> So, my question is, is there any other way to prevent this
> (other than ssh root@localhost)?
>
>
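
Added example, not part of the original message: the private-group test from the quoted /etc/zshenv done with shell builtins only, along the lines of the read loop in the reply, so the decision can still be made when fork is failing. It is written in POSIX sh; the function names, the CLASS and REPLY variables and the sample passwd/group lines are constructed for illustration, and in zsh the ids would come from $UID and $GID.

```sh
# Added example, not from the original message. lookup_name and limit_class
# use only shell builtins (read, [, return), so they never call fork().

# lookup_name ID: read passwd(5)/group(5)-style lines on stdin and set REPLY
# to the name whose third field equals ID. Returns 1 if no line matches.
lookup_name() {
    REPLY=
    while IFS=: read -r _name _pw _id _rest; do
        if [ "$_id" = "$1" ]; then
            REPLY=$_name
            return 0
        fi
    done
    return 1
}

# limit_class UID USER GROUP: set CLASS to "restricted" for an ordinary user
# in a private group (the test from the quoted /etc/zshenv), else "default".
# A failed lookup (empty USER or GROUP) also yields "default".
limit_class() {
    CLASS=default
    if [ -n "$2" ] && [ "$2" = "$3" ] && [ "$1" -gt 14 ]; then
        CLASS=restricted
    fi
}

# Constructed sample data standing in for /etc/passwd and /etc/group.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/zsh
tarmoj:x:500:500::/home/tarmoj:/bin/zsh
guest:x:501:100::/home/guest:/bin/zsh'
SAMPLE_GROUP='root::0:
users:x:100:guest
tarmoj:x:500:'

# classify UID GID: both lookups plus the policy test. In a startup file the
# here-documents become "< /etc/passwd" and "< /etc/group".
classify() {
    lookup_name "$1" <<EOF || :
$SAMPLE_PASSWD
EOF
    _user=$REPLY
    lookup_name "$2" <<EOF || :
$SAMPLE_GROUP
EOF
    limit_class "$1" "$_user" "$REPLY"
}

classify 500 500; echo "uid 500 (tarmoj): $CLASS"
classify 0 0;     echo "uid 0   (root):   $CLASS"
```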

