From owner-freebsd-hackers@freebsd.org Sat Jun 24 17:43:27 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F3FEDA3063 for ; Sat, 24 Jun 2017 17:43:27 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-wr0-x229.google.com (mail-wr0-x229.google.com [IPv6:2a00:1450:400c:c0c::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3009474468 for ; Sat, 24 Jun 2017 17:43:27 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: by mail-wr0-x229.google.com with SMTP id k67so102567029wrc.2 for ; Sat, 24 Jun 2017 10:43:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LHUbyn/EFV5548wKXu9vyuPWPyMVqFhfIJ6Quadpy6k=; b=sv0ud2GZwUcNb5U0cLxoJT+XvbCBd21PXQfKxsLmHf73xf3EDtp7tL+R6OT2EgxDje Hu1uUcSJaGPHXqer3AbArDwToX5jFwxRv7SMFD2DTbtza+RSHBMWSKEtsAesrYeA41zg 7us1yoViRLkMErmapnpZ0YGUjaHnjFAMaI5Dwjrx1RMAeVmsw3TXQHqE6vbQZ/TMJMJN QOphtdZ22dxt8ZFYv/wEAP2BlqbBVK2UFRcU1KOFhjiJiTOjAeUAjwv6YqtUb8RGZNNI OUaBvz+pak00sKiU9j5ovHV0vmQHngt4QXtBt+QYY/Nw7LH8CbMdL4xOQzGy/QJZdHBD e2Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LHUbyn/EFV5548wKXu9vyuPWPyMVqFhfIJ6Quadpy6k=; b=MXKmvjD3c8+w6V1KasleuZc7Lf4GhQJFIizfmaRjgkq7VjIBNMqsFC2OmhD1YPg1b6 ku5IamAA1MrReigZuY8vNc4jg3gw/I44lFer5vS7uQgno2ZnD1qNS7bgeRP9TrSAPPiv LWjdtvQwf2ZTvGplOSlNJTPBGQWp4ZaKzuivVtJ2sAV8tDCOCkiKjPxDgAnseeP5nY+9 6ZavnUwXLeVTAlTxS1OSsQDmb0peS2GhypZZhZlGwN9RREvoo9wdsUrhleva7oUyHX3f fkRER4zNrcScZvhQjv1GmlBaTbRKpxuMjcxQWepe8DepTUriEMprXTKyZ6hiuZrisSsU /Gqg== X-Gm-Message-State: AKS2vOwIUGQjsYLKR3IDcadEiGBEuBPHLwnRpAhsGrVL96KLtgSHXKLG CCM+YeMxNYHA6GPkiZDlrXOs1Te8eg== X-Received: by 10.28.65.68 with SMTP id o65mr8722931wma.68.1498326205621; Sat, 24 Jun 2017 10:43:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.183.138 with HTTP; Sat, 24 Jun 2017 10:43:24 -0700 (PDT) In-Reply-To: <1599987034.20170623182536@mail.ru> References: <1599987034.20170623182536@mail.ru> From: Adrian Chadd Date: Sat, 24 Jun 2017 10:43:24 -0700 Message-ID: Subject: Re: using rc.subr only by root restriction To: Anthony Pankov Cc: "freebsd-hackers@freebsd.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Sat, 24 Jun 2017 21:02:53 +0000 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jun 2017 17:43:27 -0000 hi, this was my fault. :) There are some limits that you can set as a user. I think this is a fine change; but I can't speak for the correctness of using rc.subr as a general library set for your own purposes. :0 -a On 23 June 2017 at 08:25, Anthony Pankov via freebsd-hackers wrote: > Greetings > > I was deploying my new system based on FreeBSD 11 and got =D1=84 > surprise. > I have specific subsystem which use own startup scripts tied to rc.subr > for better integration. Those scripts can be used not only by syst= em startup but also by > unpriveleged user. > With FreeBSD 11 in case of unpriveleged user the error appear: "limits= : > setrlimit datasize: Operation not permitted" > > There is a thread on a forum about the issue: https://forums.freebsd.org/= threads/58304/ > > I've never seen a warning to do not use rc.subr in regular scripts so = I > made it this way. > > May be we can consider to patch rc.subr and remove this > restriction? > > > > P.S. This patch helps, but may be there is a better way. > --- /etc/rc.subr.old 2017-06-21 07:11:39.716210000 +0300 > +++ /etc/rc.subr 2017-06-21 07:18:21.215444000 +0300 > @@ -1072,7 +1072,9 @@ > fi > > # Prepend default limits > - _doit=3D"limits -C $_login_class $_doit" > + if [ `id -u` -eq 0 ]; then > + _doit=3D"limits -C $_login_class $_doit" > + fi > > # run the full command > # > > > -- > > Anthony Pankov mailto:ap00@mail.ru > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org= "