From owner-freebsd-questions Wed Dec 13 22:36:33 2000 From owner-freebsd-questions@FreeBSD.ORG Wed Dec 13 22:36:29 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from linux.ssc.nsu.ru (linux.ssc.nsu.ru [193.124.219.91]) by hub.freebsd.org (Postfix) with SMTP id BC84837B400 for ; Wed, 13 Dec 2000 22:36:24 -0800 (PST) Received: (qmail 3165 invoked from network); 14 Dec 2000 06:36:15 -0000 Received: from inet.ssc.nsu.ru (62.76.110.12) by hub.freebsd.org with SMTP; 14 Dec 2000 06:36:15 -0000 Received: from localhost (danfe@localhost) by inet.ssc.nsu.ru (8.9.3/8.9.3) with ESMTP id MAA30631; Thu, 14 Dec 2000 12:35:47 +0600 Date: Thu, 14 Dec 2000 12:35:47 +0600 (NOVT) From: Alexey Dokuchaev To: James Lim Cc: questions@FreeBSD.ORG Subject: Re: How come accounting limits of login.conf still doesn't work?! In-Reply-To: <000d01c0640b$211c6220$2e189cca@sleipnir> Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="1279134830-441600511-976775747=:30198" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --1279134830-441600511-976775747=:30198 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi! > Perhaps you would like to give an example of ur login.conf here and give > us a brief description of the problem? Sure, why not :) The problem is that not every limit of login.conf (though all of them are documented well in man login.conf(5) page) works for me. I'm trying to set up pretty secured server based on FreeBSD (+ maybe I'll try to adopt SecureBSD patch to it some day, but for now I simply want to get native FreeBSD security fearutes working). And, to my sincere dissappointment, I can't :-( General login.conf features, such as maxproc, openfiles, minpasswordlen and so on seem to work. Well, OK, I can ensure now that certain malicious user won't bring my box down on it's knees by a fork() bomb too soon :) But this is not all what I need. I see those nifty daytime, idletime, passwordtime, sessionlimit, warnpassword, warntime and such, and I want to use them as well! And, sadly enough, they don't appear to be working at all for me. As I understand, any limits that need time control, requite special daemon to spawn a process for each login session in order to work. So how come that it's not written yet? [Or, prove me wrong otherwise] Anyway, I seek and will certainly appreciate any help/information regarding this subject as it is of pretty high importance for me. Thank you. My login.conf attached at the end of this message. -- Yours, DAN Fe --1279134830-441600511-976775747=:30198 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="tech.login.conf" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: attachment; filename="tech.login.conf" RnJvbSB0ZXN0QHRlY2huaWNhbC5zc2MubnN1LnJ1IFRodSBEZWMgMTQgMTI6 MzQ6MTIgMjAwMA0KRGF0ZTogV2VkLCAxMyBEZWMgMjAwMCAwNzo1MzozMSAr MDYwMCAoTk9WVCkNCkZyb206IFRlc3QgVXNlciA8dGVzdEB0ZWNobmljYWwu c3NjLm5zdS5ydT4NClRvOiBkYW5mZUBpbmV0LnNzYy5uc3UucnUNCg0KZGVm YXVsdDpEZWZhdWx0IFVzZXIgQWJpbGl0aWVzIChWZXJ5IFBvd2VyZnVsKTpc DQoJOmNwdXRpbWU9dW5saW1pdGVkOlwNCgk6ZmlsZXNpemU9dW5saW1pdGVk OlwNCgk6ZGF0YXNpemU9dW5saW1pdGVkOlwNCgk6c3RhY2tzaXplPXVubGlt aXRlZDpcDQoJOmNvcmVkdW1wc2l6ZT11bmxpbWl0ZWQ6XA0KCTptZW1vcnl1 c2U9dW5saW1pdGVkOlwNCgk6bWVtb3J5bG9ja2VkPXVubGltaXRlZDpcDQoJ Om1heHByb2M9dW5saW1pdGVkOlwNCgk6b3BlbmZpbGVzPXVubGltaXRlZDpc DQoJOnNic2l6ZT11bmxpbWl0ZWQ6XA0KCTppZ25vcmVub2xvZ2luOlwNCgk6 bm9sb2dpbj0vdmFyL3J1bi9ub2xvZ2luOlwNCgk6cGF0aD1+L2JpbiAvc2Jp biAvYmluIC91c3Ivc2JpbiAvdXNyL2JpbiAvdXNyL2xvY2FsL3NiaW4gL3Vz ci9sb2NhbC9iaW4gL3Vzci9YMTFSNi9iaW46XA0KCTpwcmlvcml0eT0wOlwN Cgk6cmVxdWlyZWhvbWVAOlwNCgk6c2V0ZW52PU1BSUw9L3Zhci9tYWlsLyQs QkxPQ0tTSVpFPUssRlRQX1BBU1NJVkVfTU9ERT1ZRVMsUEFHRVI9bGVzczpc DQoJOnVtYXNrPTAyMjpcDQoJOndlbGNvbWU9L3Vzci9sb2NhbC9ldGMvbW90 ZDpcDQoJOm1peHBhc3N3b3JkY2FzZUA6XA0KCTpjb3B5cmlnaHQ9L2V0Yy9D T1BZUklHSFQ6XA0KCTphY2NvdW50ZWQ6DQoNCnJ1c3NpYW46UnVzc2lhbiBV c2VycyBBY2NvdW50czpcDQoJOmNoYXJzZXQ9S09JOC1SOlwNCgk6bGFuZz1y dV9SVS5LT0k4LVI6XA0KCTp0Yz1kZWZhdWx0Og0KDQpzdGFuZGFyZDpTdGFu ZGFyZCBVc2VycyBSZXN0cmljdGVkIFNldHRpbmdzOlwNCgk6ZmlsZXNpemU9 MTBNOlwNCgk6ZGF0YXNpemU9Nk06XA0KCTpzdGFja3NpemU9Mk06XA0KCTpj b3JlZHVtcHNpemU9OE06XA0KCTpjb3JlZHVtcHNpemUtY3VyPTA6XA0KCTpt ZW1vcnl1c2U9OE06XA0KCTptZW1vcnlsb2NrZWQ9NE06XA0KCTptYXhwcm9j PTg6XA0KCTpvcGVuZmlsZXM9MTY6XA0KCTppZ25vcmVub2xvZ2luQDpcDQoJ OnBhdGg9fi9iaW4gL2JpbiAvdXNyL2JpbiAvdXNyL2xvY2FsL2JpbiAvdXNy L1gxMVI2L2JpbjpcDQoJOnByaW9yaXR5PTE6XA0KCTpyZXF1aXJlaG9tZTpc DQoJOm1pbnBhc3N3b3JkbGVuPTg6XA0KCTptaXhwYXNzd29yZGNhc2U6XA0K CTp0dHlzLmRlbnk9dHR5djAgdHR5djEgdHR5djIgdHR5djMgdHR5djQgdHR5 djUgdHR5djYgdHR5djcgdHR5djggdHR5djk6XA0KCTpkYXl0aW1lPTRoOlwN Cgk6aWRsZXRpbWU9MjBtOlwNCgk6cGFzc3dvcmR0aW1lPTMwZDpcDQoJOnNl c3Npb25saW1pdD0yOlwNCgk6d2FybnBhc3N3b3JkPTJkOlwNCgk6d2FybnRp bWU9MTBtOlwNCgk6dGM9cnVzc2lhbjoNCg0KeHVzZXI6XA0KCTp0Yz1kZWZh dWx0Og0Kc3RhZmY6XA0KCTp0Yz1ydXNzaWFuOg0KZGFlbW9uOkRhZW1vbnMn IFNldHRpbmdzOlwNCgk6dGM9ZGVmYXVsdDoNCm5ld3M6XA0KCTp0Yz1kZWZh dWx0Og0KZGlhbGVyOlwNCgk6dGM9ZGVmYXVsdDoNCg0Kcm9vdDpUZWNobmlj YWwgR29kOlwNCgk6aHVzaGxvZ2luOlwNCgk6dGM9ZGVmYXVsdDoNCg== --1279134830-441600511-976775747=:30198-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message