Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Apr 2000 17:06:22 -0400
From:      "James Halstead" <halstead@dreamscape.com>
To:        "Bhishan Hemrajani" <bhishan@cytosine.dhs.org>
Cc:        <freebsd-hackers@freebsd.org>
Subject:   Re: login.conf question
Message-ID:  <003001bfa655$4aa4ab80$d60dc6cf@halste07>
References:  <200004142037.e3EKb9R37103@cytosine.dhs.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Actually I tested this theory (all with remote logins, not sued) and it let
me login 13 times (maxproc set to 12) however once i hit the 11'th login it
made all the logins useless. Anytime i tried to run a process I got an error
from bash that it could not fork. After the 11'th login i got this error
when i logged on but still gives me the shell prompt, although i could not
do anything.

So apparently even with the maxproc limit, the login is allowed to su to the
user making them over their limit. This is where the sesssion limit should
take place making it harder for the user to hit the maxproc limit by logging
in to many times. the bash fork error may confuse some of my users where a
friendly "too many logins" is easy to under stand.


Bhishan Hemrajani wrote:


> Instead of using sessionlimit, why don't you limit the number of
processes.
>
> That way, the number of shells that they can have is limited also.
>
> --bhishan
>
> >
> > That might make sence at first, but that should still keep one person
from
> > logging in more than 4 times. Also i tested the session time and that is
> > not working either so that makes me think there is something else i am
> > missing.
> >
> > Besides the maxproc will pretty much limit them anyway ;) although that
> > might make for more questions about why they can't run any programs when
> > they have too many logins. Owell, I have yet to have anybody actually
try
> > to log in that many times.
> >
> > Perhaps there is something else i am forgetting to enable this? maby a
> > kernal option or sysctl?
> >
> >  On Thu, 13 Apr 2000, Bhishan
> > Hemrajani wrote:
> >
> > > >From "man login.conf":
> > >      sessiontime       time                Maximum login time per
session.
> > >      sessionlimit      number              Maximum number of
concurrent login
> > >                                            sessions on ttys in any
group.
> > >
> > > It seems here that session limit is on a per group basis.
> > >
> > > Try making a couple users, then logging in with each of those users.
> > > I think that's what it might be limiting.
> > >
> > > --bhishan
> > >
> > > [Charset iso-8859-1 unsupported, filtering to ASCII...]
> > > > Bhishan Hemrajani wrote:
> > > >
> > > >
> > > > > Alright, a couple things come to mind here.
> > > > >
> > > > > 1. Did you make the database? (# cap_mkdb /etc/login.conf)
> > > >
> > > > Yes i made sure to do this ;)
> > > >
> > > > > 2. Did you add the user to the class (# chfn user)
> > > > >    (and then put the class name in the class field)
> > > >
> > > > also yes (chpass)
> > > >
> > > > > 3. If you did do that, login as the user (not su), and
> > > > >    type "limit" and give me an output.
> > > >
> > > > % limit
> > > > cputime         1:00:00
> > > > filesize        5120 kbytes
> > > > datasize        10240 kbytes
> > > > stacksize       10 kbytes
> > > > coredumpsize    1024 kbytes
> > > > memoryuse       10240 kbytes
> > > > memorylocked    5120 kbytes
> > > > maxproc         12
> > > > openfiles       20
> > > >
> > > > that's odd, it dosn't mention the session limits. I knew that the
other
> > > > limits worked, I tested them with a forkbomb, a mallocbomb and an
infinitly
> > > > recursive program just to see what would happen. fork and malloc
failed
> > > > expectedly and the infinit recursion segfaults after about 5400
recursions.
> > > >
> > > > Unless there is a problem with my login.conf or there is an option
somewhere
> > > > that i have to enable I don't know why the sessionlimit and idletime
don't
> > > > work (although i haven't tested the idletime)
> > > >
> > > > >
> > > > > --bhishan
> > > > > >
> > > > > > hey out there!
> > > > > > This is my first time doing someting like an i am having
problems
> > > > > > with one part. The session limit does not seem to be working. My
> > > > > > understanding was that this was a hard limit for the number of
> > > > > > simutanious logins a person may have. I created a test account
and
> > > > > > was able to have 6 logins open even though the limit is set to
4.
> > > > > > Also I am curious if i set the idletime and warntime right, and
if i
> > > > > > need to have the accounting enabled in order for things to work.
> > > > > >
> > > > > > thanks for any help.
> > > > > >
> > > > > > James
> > > > > >
> > > > > > - ---- begin login.conf ----
> > > > > >
> > > > > > # login.conf - login class capabilities database.
> > > > > > # After each edit don't forget to run:
> > > > > > # cap_mkdb /etc/login.conf
> > > > > >
> > > > > > #defaults - defaults for all users except root
> > > > > > # NOTE: default gives no recource limits!!
> > > > > >
> > > > > > default:\
> > > > > >  :cputime=unlimited:\
> > > > > >  :filesize=unlimited:\
> > > > > >  :datasize=unlimited:\
> > > > > >  :stacksize=unlimited:\
> > > > > >  :coredumpsize=unlimited:\
> > > > > >  :memoryuse=unlimited:\
> > > > > >  :memorylocked=unlimited:\
> > > > > >  :maxproc=unlimited:\
> > > > > >  :openfiles=unlimited:\
> > > > > >  :manpath=/usr/share/man /usr/local/man:\
> > > > > >  :nologin=/var/run/nologin:\
> > > > > >  :path=~/bin /usr/local/bin /usr/bin /bin:\
> > > > > >  :priority=0:\
> > > > > >  :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
> > > > > >  :term=vt100:\
> > > > > >  :umask=022:\
> > > > > >  :welcome=/etc/motd:\
> > > > > >  :minpasswordlen=8:\
> > > > > >  :copyright=/etc/COPYRIGHT:\
> > > > > >  :idletime=unlimited:\
> > > > > >  :sessionlimit=unlimited:
> > > > > >
> > > > > > #root - make absolutly sure root can do anything.
> > > > [snip]
> > > > cstudent is the class that i am working with
> > > > > > #cstudent - limit the recources for c class students.
> > > > > > cstudent:\
> > > > > >  :accounted:\
> > > > > >  :cputime=1h:\
> > > > > >  :filesize=5m:\
> > > > > >  :datasize=10m:\
> > > > > >  :stacksize=10k:\
> > > > > >  :coredumpsize=1m:\
> > > > > >  :memoryuse=10m:\
> > > > > >  :memorylocked=5m:\
> > > > > >  :maxproc=12:\
> > > > > >  :openfiles=20:\
> > > > > >  :requirehome:\
> > > > > >  :umask=077:\
> > > > > >  :sessionlimit=4:\
> > > > > >  :idletime=3h:\
> > > > > >  :warntime=2h45m:\
> > > > > >  :tc=default:
> > > > [snip]
> > > > > > - ---- end login.conf ----




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003001bfa655$4aa4ab80$d60dc6cf>