Date: Thu, 14 Dec 2000 12:35:47 +0600 (NOVT) From: Alexey Dokuchaev <danfe@inet.ssc.nsu.ru> To: James Lim <jameslpin@pacific.net.sg> Cc: questions@FreeBSD.ORG Subject: Re: How come accounting limits of login.conf still doesn't work?! Message-ID: <Pine.LNX.4.10.10012141209280.30198-200000@inet.ssc.nsu.ru> In-Reply-To: <000d01c0640b$211c6220$2e189cca@sleipnir>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Hi! > Perhaps you would like to give an example of ur login.conf here and give > us a brief description of the problem? Sure, why not :) The problem is that not every limit of login.conf (though all of them are documented well in man login.conf(5) page) works for me. I'm trying to set up pretty secured server based on FreeBSD (+ maybe I'll try to adopt SecureBSD patch to it some day, but for now I simply want to get native FreeBSD security fearutes working). And, to my sincere dissappointment, I can't :-( General login.conf features, such as maxproc, openfiles, minpasswordlen and so on seem to work. Well, OK, I can ensure now that certain malicious user won't bring my box down on it's knees by a fork() bomb too soon :) But this is not all what I need. I see those nifty daytime, idletime, passwordtime, sessionlimit, warnpassword, warntime and such, and I want to use them as well! And, sadly enough, they don't appear to be working at all for me. As I understand, any limits that need time control, requite special daemon to spawn a process for each login session in order to work. So how come that it's not written yet? [Or, prove me wrong otherwise] Anyway, I seek and will certainly appreciate any help/information regarding this subject as it is of pretty high importance for me. Thank you. My login.conf attached at the end of this message. -- Yours, DAN Fe [-- Attachment #2 --] From test@technical.ssc.nsu.ru Thu Dec 14 12:34:12 2000 Date: Wed, 13 Dec 2000 07:53:31 +0600 (NOVT) From: Test User <test@technical.ssc.nsu.ru> To: danfe@inet.ssc.nsu.ru default:Default User Abilities (Very Powerful):\ :cputime=unlimited:\ :filesize=unlimited:\ :datasize=unlimited:\ :stacksize=unlimited:\ :coredumpsize=unlimited:\ :memoryuse=unlimited:\ :memorylocked=unlimited:\ :maxproc=unlimited:\ :openfiles=unlimited:\ :sbsize=unlimited:\ :ignorenologin:\ :nologin=/var/run/nologin:\ :path=~/bin /sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin /usr/X11R6/bin:\ :priority=0:\ :requirehome@:\ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES,PAGER=less:\ :umask=022:\ :welcome=/usr/local/etc/motd:\ :mixpasswordcase@:\ :copyright=/etc/COPYRIGHT:\ :accounted: russian:Russian Users Accounts:\ :charset=KOI8-R:\ :lang=ru_RU.KOI8-R:\ :tc=default: standard:Standard Users Restricted Settings:\ :filesize=10M:\ :datasize=6M:\ :stacksize=2M:\ :coredumpsize=8M:\ :coredumpsize-cur=0:\ :memoryuse=8M:\ :memorylocked=4M:\ :maxproc=8:\ :openfiles=16:\ :ignorenologin@:\ :path=~/bin /bin /usr/bin /usr/local/bin /usr/X11R6/bin:\ :priority=1:\ :requirehome:\ :minpasswordlen=8:\ :mixpasswordcase:\ :ttys.deny=ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7 ttyv8 ttyv9:\ :daytime=4h:\ :idletime=20m:\ :passwordtime=30d:\ :sessionlimit=2:\ :warnpassword=2d:\ :warntime=10m:\ :tc=russian: xuser:\ :tc=default: staff:\ :tc=russian: daemon:Daemons' Settings:\ :tc=default: news:\ :tc=default: dialer:\ :tc=default: root:Technical God:\ :hushlogin:\ :tc=default:help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10012141209280.30198-200000>