From owner-freebsd-hackers Fri Apr 14 14: 5:35 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from io.dreamscape.com (io.dreamscape.com [206.64.128.6]) by hub.freebsd.org (Postfix) with ESMTP id 11BE137B534 for ; Fri, 14 Apr 2000 14:05:25 -0700 (PDT) (envelope-from halstead@dreamscape.com) Received: from halste07 (sA9-p22.dreamscape.com [207.198.13.214]) by io.dreamscape.com (8.9.3/8.8.4) with SMTP id RAA01850; Fri, 14 Apr 2000 17:04:32 -0400 (EDT) X-Dreamscape-Track-A: sA9-p22.dreamscape.com [207.198.13.214] X-Dreamscape-Track-B: Fri, 14 Apr 2000 17:04:32 -0400 (EDT) Message-ID: <003001bfa655$4aa4ab80$d60dc6cf@halste07> From: "James Halstead" To: "Bhishan Hemrajani" Cc: References: <200004142037.e3EKb9R37103@cytosine.dhs.org> Subject: Re: login.conf question Date: Fri, 14 Apr 2000 17:06:22 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Actually I tested this theory (all with remote logins, not sued) and it let me login 13 times (maxproc set to 12) however once i hit the 11'th login it made all the logins useless. Anytime i tried to run a process I got an error from bash that it could not fork. After the 11'th login i got this error when i logged on but still gives me the shell prompt, although i could not do anything. So apparently even with the maxproc limit, the login is allowed to su to the user making them over their limit. This is where the sesssion limit should take place making it harder for the user to hit the maxproc limit by logging in to many times. the bash fork error may confuse some of my users where a friendly "too many logins" is easy to under stand. Bhishan Hemrajani wrote: > Instead of using sessionlimit, why don't you limit the number of processes. > > That way, the number of shells that they can have is limited also. > > --bhishan > > > > > That might make sence at first, but that should still keep one person from > > logging in more than 4 times. Also i tested the session time and that is > > not working either so that makes me think there is something else i am > > missing. > > > > Besides the maxproc will pretty much limit them anyway ;) although that > > might make for more questions about why they can't run any programs when > > they have too many logins. Owell, I have yet to have anybody actually try > > to log in that many times. > > > > Perhaps there is something else i am forgetting to enable this? maby a > > kernal option or sysctl? > > > > On Thu, 13 Apr 2000, Bhishan > > Hemrajani wrote: > > > > > >From "man login.conf": > > > sessiontime time Maximum login time per session. > > > sessionlimit number Maximum number of concurrent login > > > sessions on ttys in any group. > > > > > > It seems here that session limit is on a per group basis. > > > > > > Try making a couple users, then logging in with each of those users. > > > I think that's what it might be limiting. > > > > > > --bhishan > > > > > > [Charset iso-8859-1 unsupported, filtering to ASCII...] > > > > Bhishan Hemrajani wrote: > > > > > > > > > > > > > Alright, a couple things come to mind here. > > > > > > > > > > 1. Did you make the database? (# cap_mkdb /etc/login.conf) > > > > > > > > Yes i made sure to do this ;) > > > > > > > > > 2. Did you add the user to the class (# chfn user) > > > > > (and then put the class name in the class field) > > > > > > > > also yes (chpass) > > > > > > > > > 3. If you did do that, login as the user (not su), and > > > > > type "limit" and give me an output. > > > > > > > > % limit > > > > cputime 1:00:00 > > > > filesize 5120 kbytes > > > > datasize 10240 kbytes > > > > stacksize 10 kbytes > > > > coredumpsize 1024 kbytes > > > > memoryuse 10240 kbytes > > > > memorylocked 5120 kbytes > > > > maxproc 12 > > > > openfiles 20 > > > > > > > > that's odd, it dosn't mention the session limits. I knew that the other > > > > limits worked, I tested them with a forkbomb, a mallocbomb and an infinitly > > > > recursive program just to see what would happen. fork and malloc failed > > > > expectedly and the infinit recursion segfaults after about 5400 recursions. > > > > > > > > Unless there is a problem with my login.conf or there is an option somewhere > > > > that i have to enable I don't know why the sessionlimit and idletime don't > > > > work (although i haven't tested the idletime) > > > > > > > > > > > > > > --bhishan > > > > > > > > > > > > hey out there! > > > > > > This is my first time doing someting like an i am having problems > > > > > > with one part. The session limit does not seem to be working. My > > > > > > understanding was that this was a hard limit for the number of > > > > > > simutanious logins a person may have. I created a test account and > > > > > > was able to have 6 logins open even though the limit is set to 4. > > > > > > Also I am curious if i set the idletime and warntime right, and if i > > > > > > need to have the accounting enabled in order for things to work. > > > > > > > > > > > > thanks for any help. > > > > > > > > > > > > James > > > > > > > > > > > > - ---- begin login.conf ---- > > > > > > > > > > > > # login.conf - login class capabilities database. > > > > > > # After each edit don't forget to run: > > > > > > # cap_mkdb /etc/login.conf > > > > > > > > > > > > #defaults - defaults for all users except root > > > > > > # NOTE: default gives no recource limits!! > > > > > > > > > > > > default:\ > > > > > > :cputime=unlimited:\ > > > > > > :filesize=unlimited:\ > > > > > > :datasize=unlimited:\ > > > > > > :stacksize=unlimited:\ > > > > > > :coredumpsize=unlimited:\ > > > > > > :memoryuse=unlimited:\ > > > > > > :memorylocked=unlimited:\ > > > > > > :maxproc=unlimited:\ > > > > > > :openfiles=unlimited:\ > > > > > > :manpath=/usr/share/man /usr/local/man:\ > > > > > > :nologin=/var/run/nologin:\ > > > > > > :path=~/bin /usr/local/bin /usr/bin /bin:\ > > > > > > :priority=0:\ > > > > > > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ > > > > > > :term=vt100:\ > > > > > > :umask=022:\ > > > > > > :welcome=/etc/motd:\ > > > > > > :minpasswordlen=8:\ > > > > > > :copyright=/etc/COPYRIGHT:\ > > > > > > :idletime=unlimited:\ > > > > > > :sessionlimit=unlimited: > > > > > > > > > > > > #root - make absolutly sure root can do anything. > > > > [snip] > > > > cstudent is the class that i am working with > > > > > > #cstudent - limit the recources for c class students. > > > > > > cstudent:\ > > > > > > :accounted:\ > > > > > > :cputime=1h:\ > > > > > > :filesize=5m:\ > > > > > > :datasize=10m:\ > > > > > > :stacksize=10k:\ > > > > > > :coredumpsize=1m:\ > > > > > > :memoryuse=10m:\ > > > > > > :memorylocked=5m:\ > > > > > > :maxproc=12:\ > > > > > > :openfiles=20:\ > > > > > > :requirehome:\ > > > > > > :umask=077:\ > > > > > > :sessionlimit=4:\ > > > > > > :idletime=3h:\ > > > > > > :warntime=2h45m:\ > > > > > > :tc=default: > > > > [snip] > > > > > > - ---- end login.conf ---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message