Re: process limit/su problem

Re: process limit/su problem

[Tarmo Järvi]

su - root ?

No :(

>Hello dear list,
>
>I have following lines in /etc/zshenv to prevent fork-bombing etc by
>ordinary users :
>
>if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
>then
>        ulimit -H -u 64 -c 65536 -f 2097152 -n 128
>else
>        ulimit -u 2048 -c 65536 -f 4194394 -n 1024
>fi
>
>Everything works nicely except 'su root' (by few selected "power users").
>Usually my server is running about 100 processes owned by root. When I'm
>logged in as, for example, tarmoj and do 'su root',  I get following errors:
>
>/etc/zshenv: fork failed: resource temporarily unavailable [33]
>
>So, obviously, the process limit for user is limiting the execution of
>/etc/zshenv etc and thus (as root after 'su' )I have to manually set  higher
>process limit and set other variables.
>
>So, my question is, is there any other way to prevent this (otherthan ssh
>root@localhost)?
>

Re: process limit/su problem

[Tarmo Järvi]

Hello,

>> I have following lines in /etc/zshenv to prevent fork-bombing etc
>> by ordinary users :
>>
>> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
>> then
>>         ulimit -H -u 64 -c 65536 -f 2097152 -n 128
>> else
>>         ulimit -u 2048 -c 65536 -f 4194394 -n 1024
>> fi
>
>another (less daunting :-) way to do the same
>
>while read line
>do
>if [[ ${line[(ws/:/)3]} = $GID ]]; then
>  GNAME=${line[(ws/:/)1]}
>  break
  fi
>done < /etc/group

Yes, it works! Even with ypcat passwd | while ....

Thanks a lot!

RE: process limit/su problem

[Andrej Borsenkow]

>
>
> Hello dear list,
>
> I have following lines in /etc/zshenv to prevent fork-bombing etc
> by ordinary users :
>
> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
> then
>         ulimit -H -u 64 -c 65536 -f 2097152 -n 128
> else
>         ulimit -u 2048 -c 65536 -f 4194394 -n 1024
> fi
>

Limits are inherited. Granted, this should not apply to root, but it is most
probably kernel (or RedHat) specific problem. Put ulimt -a; id -a at the top
of your /etc/zshenv to see actual limits and user rights.


If you have more or less recent zsh (3.1.9 for sure) that supportts mapfile
module, you can avoid forking:

zmodload zsh/mapfile (this may be zmodload mapfile for older vresions)
GNAME=${${(M)${(f@)${mapfile[/etc/group]}}:#[^:]##:[^:]#:$GID:*}%%:*}
UNAME=${${(M)${(f@)${mapfile[/etc/passwd]}}:#[^:]##:[^:]#:$UID:*}%%:*}

if [[ $GNAME = $UNAME -a $UID -gt 14 ]];
 ...

another (less daunting :-) way to do the same

while read line
do
if [[ ${line[(ws/:/)3]} = $GID ]]; then
  GNAME=${line[(ws/:/)1]}
  break
done < /etc/group

and the same for /etc/passwd


-andrej

> Everything works nicely except 'su root' (by few selected "power
> users"). Usually my server is running about 100 processes owned by
> root. When I'm logged in as, for example, tarmoj and do 'su root',
> I get following errors:
>
> /etc/zshenv: fork failed: resource temporarily unavailable [33]
>
> So, obviously, the process limit for user is limiting the execution
> of /etc/zshenv etc and thus (as root after 'su' )I have to manually
> set  higher process limit and set other variables.
>
> So, my question is, is there any other way to prevent this
> (otherthan ssh root@localhost)?
>
>

RE: process limit/su problem

[Joakim Ryden]

su - root ?

Jo

-----Original Message-----
From: Tarmo Järvi [mailto:tarmoj@iobox.com]
Sent: Thursday, January 25, 2001 4:33 AM
To: zsh-users@sunsite.auc.dk
Subject: process limit/su problem


Hello dear list,

I have following lines in /etc/zshenv to prevent fork-bombing etc by
ordinary users :

if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
then
        ulimit -H -u 64 -c 65536 -f 2097152 -n 128
else
        ulimit -u 2048 -c 65536 -f 4194394 -n 1024
fi

Everything works nicely except 'su root' (by few selected "power users").
Usually my server is running about 100 processes owned by root. When I'm
logged in as, for example, tarmoj and do 'su root',  I get following errors:

/etc/zshenv: fork failed: resource temporarily unavailable [33]

So, obviously, the process limit for user is limiting the execution of
/etc/zshenv etc and thus (as root after 'su' )I have to manually set  higher
process limit and set other variables.

So, my question is, is there any other way to prevent this (otherthan ssh
root@localhost)?

process limit/su problem

[Tarmo Järvi]

Hello dear list,

I have following lines in /etc/zshenv to prevent fork-bombing etc by ordinary users :

if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
then
        ulimit -H -u 64 -c 65536 -f 2097152 -n 128
else
        ulimit -u 2048 -c 65536 -f 4194394 -n 1024
fi

Everything works nicely except 'su root' (by few selected "power users"). Usually my server is running about 100 processes owned by root. When I'm logged in as, for example, tarmoj and do 'su root',  I get following errors:

/etc/zshenv: fork failed: resource temporarily unavailable [33]

So, obviously, the process limit for user is limiting the execution of /etc/zshenv etc and thus (as root after 'su' )I have to manually set  higher process limit and set other variables.

So, my question is, is there any other way to prevent this (otherthan ssh root@localhost)?