From owner-freebsd-questions@FreeBSD.ORG Thu Dec 6 22:47:51 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1623BA06 for ; Thu, 6 Dec 2012 22:47:51 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from asbnvacz-mailrelay01.megapath.net (asbnvacz-mailrelay01.megapath.net [207.145.128.243]) by mx1.freebsd.org (Postfix) with ESMTP id D1BA28FC0C for ; Thu, 6 Dec 2012 22:47:50 +0000 (UTC) Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net [69.17.117.39]) by asbnvacz-mailrelay01.megapath.net (Postfix) with ESMTP id 4D168A7195B for ; Thu, 6 Dec 2012 17:47:44 -0500 (EST) Received: (qmail 20450 invoked from network); 6 Dec 2012 22:47:43 -0000 Received: by simscan 1.4.0 ppid: 29622, pid: 9796, t: 0.1659s scanners: clamav: m: Received: from unknown (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 6 Dec 2012 22:47:43 -0000 Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.8]) by be-well.ilk.org (Postfix) with ESMTP id 2D9FB33C23; Thu, 6 Dec 2012 17:47:37 -0500 (EST) Received: by lowell-desk.lan (Postfix, from userid 1147) id B1B9239855; Thu, 6 Dec 2012 17:47:37 -0500 (EST) From: Lowell Gilbert To: Vagner Subject: Re: Login class and limit References: <20121206143201.GB42583@vagner-wrk.bsdway.ru> <37A52274-D877-4AED-82F3-CF058DEC9DBE@mac.com> <20121206203638.GA4540@vagner-wrk.bsdway.ru> Date: Thu, 06 Dec 2012 17:47:37 -0500 In-Reply-To: <20121206203638.GA4540@vagner-wrk.bsdway.ru> (vagner@bsdway.ru's message of "Fri, 7 Dec 2012 00:36:38 +0400") Message-ID: <444njy6bna.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Dec 2012 22:47:51 -0000 Vagner writes: > On 06:53 Thu 06 Dec , Charles Swiger wrote: >> "su -", "su -l", and "sudo -i" provide a login shell, which gets the >> limits setup by login.conf. Normally daemons are started at boot >> via rc mechanism (or perhaps get spawned from inetd) and do not >> have a login shell associated with them to setup the limits. >> >> Either use one of the su/sudo flavors I mention above, or "/bin/sh -l" >> to provide a login env to the process? > > ie means to implement restrictions limits(1) and login.conf(5) for daemons is not possible? It's possible, but you would have to use a login shell, which is usually inconvenient for a daemon (not having an attached terminal for I/O). The usual way to do this is to start the daemon in a script that explicitly sets the limits with /usr/bin/limits (or maybe ulimit, but limits(1) seems more common). Several ports do this, for example.