From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9436 invoked from network); 25 Jan 2001 12:34:53 -0000 Received: from sunsite.dk (130.225.51.30) by ns1.primenet.com.au with SMTP; 25 Jan 2001 12:34:53 -0000 Received: (qmail 686 invoked by alias); 25 Jan 2001 12:34:42 -0000 Mailing-List: contact zsh-users-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 3596 Received: (qmail 675 invoked from network); 25 Jan 2001 12:34:42 -0000 X-Envelope-Sender-Is: Andrej.Borsenkow@mow.siemens.ru (at relayer david.siemens.de) From: "Andrej Borsenkow" To: "Tarmo J?rvi" , Subject: RE: process limit/su problem Date: Thu, 25 Jan 2001 15:34:37 +0300 Message-ID: <001d01c086cb$2e33be80$21c9ca95@mow.siemens.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <23649114.980415184798.JavaMail.wls@webwl02> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 > > > Hello dear list, > > I have following lines in /etc/zshenv to prevent fork-bombing etc > by ordinary users : > > if [ `id -gn` = `id -un` -a `id -u` -gt 14 ] > then > ulimit -H -u 64 -c 65536 -f 2097152 -n 128 > else > ulimit -u 2048 -c 65536 -f 4194394 -n 1024 > fi > Limits are inherited. Granted, this should not apply to root, but it is most probably kernel (or RedHat) specific problem. Put ulimt -a; id -a at the top of your /etc/zshenv to see actual limits and user rights. If you have more or less recent zsh (3.1.9 for sure) that supportts mapfile module, you can avoid forking: zmodload zsh/mapfile (this may be zmodload mapfile for older vresions) GNAME=${${(M)${(f@)${mapfile[/etc/group]}}:#[^:]##:[^:]#:$GID:*}%%:*} UNAME=${${(M)${(f@)${mapfile[/etc/passwd]}}:#[^:]##:[^:]#:$UID:*}%%:*} if [[ $GNAME = $UNAME -a $UID -gt 14 ]]; ... another (less daunting :-) way to do the same while read line do if [[ ${line[(ws/:/)3]} = $GID ]]; then GNAME=${line[(ws/:/)1]} break done < /etc/group and the same for /etc/passwd -andrej > Everything works nicely except 'su root' (by few selected "power > users"). Usually my server is running about 100 processes owned by > root. When I'm logged in as, for example, tarmoj and do 'su root', > I get following errors: > > /etc/zshenv: fork failed: resource temporarily unavailable [33] > > So, obviously, the process limit for user is limiting the execution > of /etc/zshenv etc and thus (as root after 'su' )I have to manually > set higher process limit and set other variables. > > So, my question is, is there any other way to prevent this > (otherthan ssh root@localhost)? > >