Date: Fri, 15 Jul 2022 17:04:18 -0500 From: Larry Rosenman <ler@lerctr.org> To: Freebsd current <freebsd-current@freebsd.org> Subject: limits.conf/stacksize doesn't seem to work? Message-ID: <d997dadc5e1b09fa6af0419f6641ed7f@lerctr.org>
next in thread | raw e-mail | index | archive | help
I'm using the following kernel config: โฏ cat LER-MINIMAL # LER-MINIMAL -- kernel config based on MINIMAL include MINIMAL ident LER-MINIMAL nooptions WITNESS # Enable checks to detect deadlocks and cycles nooptions WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed options KDB_UNATTENDED #options DEBUG_MEMGUARD #options DEBUG_REDZONE makeoptions WITH_EXTRA_TCP_STACKS=1 options TCPHPTS device mfi options TCP_RFC7413 # Kernel dump features. options EKCD # Support for encrypted kernel dumps options GZIO # gzip-compressed kernel and user dumps options ZSTDIO # zstd-compressed kernel and user dumps options NETDUMP # netdump(4) client support # ipsec support options IPSEC_SUPPORT device crypto #netgraph debug options NETGRAPH_DEBUG #tcp ratelimit options RATELIMIT ## INVARIANTS options INVARIANT_SUPPORT options INVARIANTS ler in ๐ borg in sys/amd64/conf๐ on ๎ ler/freebsd-main-changes:main on โ๏ธ (us-east-1) โฏ and the following login.conf: โฏ cat /etc/login.conf # login.conf - login class capabilities database. # # Remember to rebuild the database after each change to this file: # # cap_mkdb /etc/login.conf # # This file controls resource limits, accounting limits and # default user environment settings. # # $FreeBSD$ # # Default settings effectively disable resource limits, see the # examples below for a starting point to enable them. # defaults # These settings are used by login(1) by default for classless users # Note that entries like "cputime" set both "cputime-cur" and "cputime-max" # # Note that since a colon ':' is used to separate capability entries, # a \c escape sequence must be used to embed a literal colon in the # value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX # AND SEMANTICS'' section of getcap(3) for more escape sequences). default:\ :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\ :welcome=/var/run/motd:\ :setenv=BLOCKSIZE=K:\ :mail=/var/mail/$:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ :nologin=/var/run/nologin:\ :cputime=unlimited:\ :datasize=unlimited:\ :stacksize=unlimited:\ :memorylocked=64K:\ :memoryuse=unlimited:\ :filesize=unlimited:\ :coredumpsize=unlimited:\ :openfiles=unlimited:\ :maxproc=unlimited:\ :sbsize=unlimited:\ :vmemoryuse=unlimited:\ :swapuse=unlimited:\ :pseudoterminals=unlimited:\ :kqueues=unlimited:\ :umtxp=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022:\ :charset=UTF-8:\ :lang=C.UTF-8: # # A collection of common class names - forward them all to 'default' # (login would normally do this anyway, but having a class name # here suppresses the diagnostic) # standard:\ :tc=default: xuser:\ :tc=default: staff:\ :tc=default: # This PATH may be clobbered by individual applications. Notably, by default, # rc(8), service(8), and cron(8) will all override it with a default PATH that # may not include /usr/local/sbin and /usr/local/bin when starting services or # jobs. daemon:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\ :mail@:\ :memorylocked=128M:\ :tc=default: news:\ :tc=default: dialer:\ :tc=default: # # Root can always login # # N.B. login_getpwclass(3) will use this entry for the root account, # in preference to 'default'. root:\ :ignorenologin:\ :memorylocked=unlimited:\ :tc=default: # # Russian Users Accounts. Setup proper environment variables. # russian|Russian Users Accounts:\ :charset=UTF-8:\ :lang=ru_RU.UTF-8:\ :tc=default: bacula_dir:\ :stacksize-max=68719476736:\ :stacksize-cur=68719476736:\ :tc=daemon: ###################################################################### ###################################################################### ## ## Example entries ## ###################################################################### ###################################################################### ## Example defaults ## These settings are used by login(1) by default for classless users ## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" # #default:\ # :cputime=infinity:\ # :datasize-cur=22M:\ # :stacksize-cur=8M:\ # :memorylocked-cur=10M:\ # :memoryuse-cur=30M:\ # :filesize=infinity:\ # :coredumpsize=infinity:\ # :maxproc-cur=64:\ # :openfiles-cur=64:\ # :priority=0:\ # :requirehome@:\ # :umask=022:\ # :tc=auth-defaults: # # ## ## standard - standard user defaults ## #standard:\ # :copyright=/etc/COPYRIGHT:\ # :welcome=/var/run/motd:\ # :setenv=BLOCKSIZE=K:\ # :mail=/var/mail/$:\ # :path=~/bin /bin /usr/bin /usr/local/bin:\ # :manpath=/usr/share/man /usr/local/man:\ # :nologin=/var/run/nologin:\ # :cputime=1h30m:\ # :datasize=8M:\ # :vmemoryuse=100M:\ # :stacksize=2M:\ # :memorylocked=4M:\ # :memoryuse=8M:\ # :filesize=8M:\ # :coredumpsize=8M:\ # :openfiles=24:\ # :maxproc=32:\ # :priority=0:\ # :requirehome:\ # :passwordtime=90d:\ # :umask=002:\ # :ignoretime@:\ # :tc=default: # # ## ## users of X (needs more resources!) ## #xuser:\ # :manpath=/usr/share/man /usr/local/man:\ # :cputime=4h:\ # :datasize=12M:\ # :vmemoryuse=infinity:\ # :stacksize=4M:\ # :filesize=8M:\ # :memoryuse=16M:\ # :openfiles=32:\ # :maxproc=48:\ # :tc=standard: # # ## ## Staff users - few restrictions and allow login anytime ## #staff:\ # :ignorenologin:\ # :ignoretime:\ # :requirehome@:\ # :accounted@:\ # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ # :umask=022:\ # :tc=standard: # # ## ## root - fallback for root logins ## #root:\ # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ # :cputime=infinity:\ # :datasize=infinity:\ # :stacksize=infinity:\ # :memorylocked=infinity:\ # :memoryuse=infinity:\ # :filesize=infinity:\ # :coredumpsize=infinity:\ # :openfiles=infinity:\ # :maxproc=infinity:\ # :memoryuse-cur=32M:\ # :maxproc-cur=64:\ # :openfiles-cur=1024:\ # :priority=0:\ # :requirehome@:\ # :umask=022:\ # :tc=auth-root-defaults: # # ## ## Settings used by /etc/rc ## #daemon:\ # :coredumpsize@:\ # :coredumpsize-cur=0:\ # :datasize=infinity:\ # :datasize-cur@:\ # :maxproc=512:\ # :maxproc-cur@:\ # :memoryuse-cur=64M:\ # :memorylocked-cur=64M:\ # :openfiles=1024:\ # :openfiles-cur@:\ # :stacksize=16M:\ # :stacksize-cur@:\ # :tc=default: # # ## ## Settings used by news subsystem ## #news:\ # :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ # :cputime=infinity:\ # :filesize=128M:\ # :datasize-cur=64M:\ # :stacksize-cur=32M:\ # :coredumpsize-cur=0:\ # :maxmemorysize-cur=128M:\ # :memorylocked=32M:\ # :maxproc=128:\ # :openfiles=256:\ # :tc=default: # # ## ## The dialer class should be used for a dialup PPP account ## Welcome messages/news suppressed ## #dialer:\ # :hushlogin:\ # :requirehome@:\ # :cputime=unlimited:\ # :filesize=2M:\ # :datasize=2M:\ # :stacksize=4M:\ # :coredumpsize=0:\ # :memoryuse=4M:\ # :memorylocked=1M:\ # :maxproc=16:\ # :openfiles=32:\ # :tc=standard: # # ## ## Site full-time 24/7 PPP connection ## - no time accounting, restricted to access via dialin lines ## #site:\ # :ignoretime:\ # :passwordtime@:\ # :refreshtime@:\ # :refreshperiod@:\ # :sessionlimit@:\ # :autodelete@:\ # :expireperiod@:\ # :graceexpire@:\ # :gracetime@:\ # :warnexpire@:\ # :warnpassword@:\ # :idletime@:\ # :sessiontime@:\ # :daytime@:\ # :weektime@:\ # :monthtime@:\ # :warntime@:\ # :accounted@:\ # :tc=dialer:\ # :tc=staff: # # ## ## Example standard accounting entries for subscriber levels ## # #subscriber|Subscribers:\ # :accounted:\ # :refreshtime=180d:\ # :refreshperiod@:\ # :sessionlimit@:\ # :autodelete=30d:\ # :expireperiod=180d:\ # :graceexpire=7d:\ # :gracetime=10m:\ # :warnexpire=7d:\ # :warnpassword=7d:\ # :idletime=30m:\ # :sessiontime=4h:\ # :daytime=6h:\ # :weektime=40h:\ # :monthtime=120h:\ # :warntime=4h:\ # :tc=standard: # # ## ## Subscriber accounts. These accounts have their login times ## accounted and have access limits applied. ## #subppp|PPP Subscriber Accounts:\ # :tc=dialer:\ # :tc=subscriber: # # #subshell|Shell Subscriber Accounts:\ # :tc=subscriber: # ## ## If you want some of the accounts to use traditional UNIX DES based ## password hashes. ## #des_users:\ # :passwd_format=des:\ # :tc=default: ler in ๐ borg in sys/amd64/conf๐ on ๎ ler/freebsd-main-changes:main on โ๏ธ (us-east-1) โฏ I've updated my (ler) password entry to reference bacula_dir: ler:<elided>:1001:1001:bacula_dir:0:0:Larry Rosenman:/home/ler:/usr/local/bin/zsh when I ssh in, the stacklimit is still: โฏ ulimit -H -s 2097152 ler in ๐ borg in sys/amd64/conf๐ on ๎ ler/freebsd-main-changes:main on โ๏ธ (us-east-1) โฏ ulimit -S -s 2097152 ler in ๐ borg in sys/amd64/conf๐ on ๎ ler/freebsd-main-changes:main on โ๏ธ (us-east-1) โฏ Where does this number come from? What am I missing here? -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: ler@lerctr.org US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d997dadc5e1b09fa6af0419f6641ed7f>