* RE: process limit/su problem
@ 2001-01-25 9:36 Joakim Ryden
0 siblings, 0 replies; 5+ messages in thread
From: Joakim Ryden @ 2001-01-25 9:36 UTC (permalink / raw)
To: 'Tarmo Järvi', zsh-users
su - root ?
Jo
-----Original Message-----
From: Tarmo Järvi [mailto:tarmoj@iobox.com]
Sent: Thursday, January 25, 2001 4:33 AM
To: zsh-users@sunsite.auc.dk
Subject: process limit/su problem
Hello dear list,
I have following lines in /etc/zshenv to prevent fork-bombing etc by
ordinary users :
if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
then
ulimit -H -u 64 -c 65536 -f 2097152 -n 128
else
ulimit -u 2048 -c 65536 -f 4194394 -n 1024
fi
Everything works nicely except 'su root' (by few selected "power users").
Usually my server is running about 100 processes owned by root. When I'm
logged in as, for example, tarmoj and do 'su root', I get following errors:
/etc/zshenv: fork failed: resource temporarily unavailable [33]
So, obviously, the process limit for user is limiting the execution of
/etc/zshenv etc and thus (as root after 'su' )I have to manually set higher
process limit and set other variables.
So, my question is, is there any other way to prevent this (otherthan ssh
root@localhost)?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: process limit/su problem
@ 2001-01-25 13:42 Tarmo Järvi
0 siblings, 0 replies; 5+ messages in thread
From: Tarmo Järvi @ 2001-01-25 13:42 UTC (permalink / raw)
To: zsh-users
Hello,
>> I have following lines in /etc/zshenv to prevent fork-bombing etc
>> by ordinary users :
>>
>> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
>> then
>> ulimit -H -u 64 -c 65536 -f 2097152 -n 128
>> else
>> ulimit -u 2048 -c 65536 -f 4194394 -n 1024
>> fi
>
>another (less daunting :-) way to do the same
>
>while read line
>do
>if [[ ${line[(ws/:/)3]} = $GID ]]; then
> GNAME=${line[(ws/:/)1]}
> break
fi
>done < /etc/group
Yes, it works! Even with ypcat passwd | while ....
Thanks a lot!
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: process limit/su problem
2001-01-25 9:33 Tarmo Järvi
@ 2001-01-25 12:34 ` Andrej Borsenkow
0 siblings, 0 replies; 5+ messages in thread
From: Andrej Borsenkow @ 2001-01-25 12:34 UTC (permalink / raw)
To: Tarmo J?rvi, zsh-users
>
>
> Hello dear list,
>
> I have following lines in /etc/zshenv to prevent fork-bombing etc
> by ordinary users :
>
> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
> then
> ulimit -H -u 64 -c 65536 -f 2097152 -n 128
> else
> ulimit -u 2048 -c 65536 -f 4194394 -n 1024
> fi
>
Limits are inherited. Granted, this should not apply to root, but it is most
probably kernel (or RedHat) specific problem. Put ulimt -a; id -a at the top
of your /etc/zshenv to see actual limits and user rights.
If you have more or less recent zsh (3.1.9 for sure) that supportts mapfile
module, you can avoid forking:
zmodload zsh/mapfile (this may be zmodload mapfile for older vresions)
GNAME=${${(M)${(f@)${mapfile[/etc/group]}}:#[^:]##:[^:]#:$GID:*}%%:*}
UNAME=${${(M)${(f@)${mapfile[/etc/passwd]}}:#[^:]##:[^:]#:$UID:*}%%:*}
if [[ $GNAME = $UNAME -a $UID -gt 14 ]];
...
another (less daunting :-) way to do the same
while read line
do
if [[ ${line[(ws/:/)3]} = $GID ]]; then
GNAME=${line[(ws/:/)1]}
break
done < /etc/group
and the same for /etc/passwd
-andrej
> Everything works nicely except 'su root' (by few selected "power
> users"). Usually my server is running about 100 processes owned by
> root. When I'm logged in as, for example, tarmoj and do 'su root',
> I get following errors:
>
> /etc/zshenv: fork failed: resource temporarily unavailable [33]
>
> So, obviously, the process limit for user is limiting the execution
> of /etc/zshenv etc and thus (as root after 'su' )I have to manually
> set higher process limit and set other variables.
>
> So, my question is, is there any other way to prevent this
> (otherthan ssh root@localhost)?
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: process limit/su problem
@ 2001-01-25 11:38 Tarmo Järvi
0 siblings, 0 replies; 5+ messages in thread
From: Tarmo Järvi @ 2001-01-25 11:38 UTC (permalink / raw)
To: zsh-users
su - root ?
No :(
>Hello dear list,
>
>I have following lines in /etc/zshenv to prevent fork-bombing etc by
>ordinary users :
>
>if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
>then
> ulimit -H -u 64 -c 65536 -f 2097152 -n 128
>else
> ulimit -u 2048 -c 65536 -f 4194394 -n 1024
>fi
>
>Everything works nicely except 'su root' (by few selected "power users").
>Usually my server is running about 100 processes owned by root. When I'm
>logged in as, for example, tarmoj and do 'su root', I get following errors:
>
>/etc/zshenv: fork failed: resource temporarily unavailable [33]
>
>So, obviously, the process limit for user is limiting the execution of
>/etc/zshenv etc and thus (as root after 'su' )I have to manually set higher
>process limit and set other variables.
>
>So, my question is, is there any other way to prevent this (otherthan ssh
>root@localhost)?
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* process limit/su problem
@ 2001-01-25 9:33 Tarmo Järvi
2001-01-25 12:34 ` Andrej Borsenkow
0 siblings, 1 reply; 5+ messages in thread
From: Tarmo Järvi @ 2001-01-25 9:33 UTC (permalink / raw)
To: zsh-users
Hello dear list,
I have following lines in /etc/zshenv to prevent fork-bombing etc by ordinary users :
if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
then
ulimit -H -u 64 -c 65536 -f 2097152 -n 128
else
ulimit -u 2048 -c 65536 -f 4194394 -n 1024
fi
Everything works nicely except 'su root' (by few selected "power users"). Usually my server is running about 100 processes owned by root. When I'm logged in as, for example, tarmoj and do 'su root', I get following errors:
/etc/zshenv: fork failed: resource temporarily unavailable [33]
So, obviously, the process limit for user is limiting the execution of /etc/zshenv etc and thus (as root after 'su' )I have to manually set higher process limit and set other variables.
So, my question is, is there any other way to prevent this (otherthan ssh root@localhost)?
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2001-01-25 13:43 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-01-25 9:36 process limit/su problem Joakim Ryden
-- strict thread matches above, loose matches on Subject: below --
2001-01-25 13:42 Tarmo Järvi
2001-01-25 11:38 Tarmo Järvi
2001-01-25 9:33 Tarmo Järvi
2001-01-25 12:34 ` Andrej Borsenkow
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).