Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Jun 2017 10:43:24 -0700
From:      Adrian Chadd <adrian.chadd@gmail.com>
To:        Anthony Pankov <ap00@mail.ru>
Cc:        "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject:   Re: using rc.subr only by root restriction
Message-ID:  <CAJ-Vmon8o2j22SRRyzn7jAqLXtOs-LZnm6HZDOfk2mtmBVz1jg@mail.gmail.com>
In-Reply-To: <1599987034.20170623182536@mail.ru>
References:  <1599987034.20170623182536@mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
hi,

this was my fault. :)

There are some limits that you can set as a user.

I think this is a fine change; but I can't speak for the correctness
of using rc.subr as a general library set for your own purposes. :0


-a


On 23 June 2017 at 08:25, Anthony Pankov via freebsd-hackers
<freebsd-hackers@freebsd.org> wrote:
> Greetings
>
> I  was  deploying  my  new  system  based  on  FreeBSD 11 and got =D1=84
> surprise.
> I have specific subsystem which use own startup scripts tied to rc.subr
> for better integration. Those  scripts  can  be  used  not  only  by syst=
em startup but also by
> unpriveleged user.
> With  FreeBSD  11 in case of unpriveleged user the error appear:  "limits=
:
> setrlimit datasize: Operation not permitted"
>
> There is a thread on a forum about the issue: https://forums.freebsd.org/=
threads/58304/
>
> I've  never  seen a warning  to do not use rc.subr in regular scripts so =
I
> made it this way.
>
> May    be    we   can  consider  to  patch  rc.subr  and  remove  this
> restriction?
>
>
>
> P.S. This patch helps, but may be there is a better way.
> --- /etc/rc.subr.old    2017-06-21 07:11:39.716210000 +0300
> +++ /etc/rc.subr        2017-06-21 07:18:21.215444000 +0300
> @@ -1072,7 +1072,9 @@
>                         fi
>
>                                         # Prepend default limits
> -                       _doit=3D"limits -C $_login_class $_doit"
> +                       if [ `id -u` -eq 0 ]; then
> +                               _doit=3D"limits -C $_login_class $_doit"
> +                       fi
>
>                                         # run the full command
>                                         #
>
>
> --
>
>  Anthony Pankov                          mailto:ap00@mail.ru
>
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org=
"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-Vmon8o2j22SRRyzn7jAqLXtOs-LZnm6HZDOfk2mtmBVz1jg>