From owner-freebsd-hackers@freebsd.org Fri Jun 23 15:25:53 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C6925DA6A50 for ; Fri, 23 Jun 2017 15:25:53 +0000 (UTC) (envelope-from ap00@mail.ru) Received: from fallback.mail.ru (fallback13.m.smailru.net [94.100.179.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 788DA64872 for ; Fri, 23 Jun 2017 15:25:52 +0000 (UTC) (envelope-from ap00@mail.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:To:Message-ID:From:Date; bh=JQD9oo77YGaIz5dYyWbw56wsj373se9bpOz99IWqROU=; b=bvimvegmO+AAP7HZ9o++1g/A3Gk5kM0hnJ86sGaOtnn+rrKtwGaDwWaa4S9mcTixrSy+7fD/Ou+CdrRUap8hBOyXKbbe4oKh7+rCepG2O57aCY8jPu74UdLkDyEbha+J9mk6SyjbWnNK2ZfUq42rTcI8VZWQJI6Zgo7pwc1v5hE=; Received: from [10.161.64.60] (port=57892 helo=smtp52.i.mail.ru) by fallback13.m.smailru.net with esmtp (envelope-from ) id 1dOQSu-0005vy-1D for freebsd-hackers@freebsd.org; Fri, 23 Jun 2017 18:25:44 +0300 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:To:Message-ID:From:Date; bh=JQD9oo77YGaIz5dYyWbw56wsj373se9bpOz99IWqROU=; b=bvimvegmO+AAP7HZ9o++1g/A3Gk5kM0hnJ86sGaOtnn+rrKtwGaDwWaa4S9mcTixrSy+7fD/Ou+CdrRUap8hBOyXKbbe4oKh7+rCepG2O57aCY8jPu74UdLkDyEbha+J9mk6SyjbWnNK2ZfUq42rTcI8VZWQJI6Zgo7pwc1v5hE=; Received: from [91.190.121.202] (port=64547 helo=pstation) by smtp52.i.mail.ru with esmtpa (envelope-from ) id 1dOQSl-0004qo-Ng for freebsd-hackers@freebsd.org; Fri, 23 Jun 2017 18:25:36 +0300 Date: Fri, 23 Jun 2017 18:25:36 +0300 From: Anthony Pankov X-Priority: 3 (Normal) Message-ID: <1599987034.20170623182536@mail.ru> To: freebsd-hackers@freebsd.org Subject: using rc.subr only by root restriction MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: quoted-printable X-7FA49CB5: 0D63561A33F958A5F8E14D0C530E308ABEFA3136B03239525CAA144E08E3C0E1725E5C173C3A84C315AF0D0D4FC4FA3DCB841E23E640A1E21337B709B3801B10C4224003CC836476C0CAF46E325F83A50BF2EBBBDD9D6B0F8DB212830C5B42F72623479134186CDE6BA297DBC24807EABDAD6C7F3747799A X-Mailru-Sender: D8D48EF70163D79D00784CDFC8FD31072BAA2D863CDF2390FE1F1CFBABA390C8B4B259C5F57889CE50D5CF8590B94F4EC77752E0C033A69E81198BD1A48777B793AC9912533B2342AE208404248635DF X-Mras: OK X-7FA49CB5: 0D63561A33F958A5BD585B82F3CA8473520493446D77C19F9833E285D1946DB4462275124DF8B9C920A5816FF58DF6CF574AF45C6390F7469DAA53EE0834AAEE X-Mailru-Sender: A5480F10D64C90051B732BAF0E936B42C667FF7C84D7CC4C9EB8CF8423D4B44E0840CAA66A03E50EB26AAFE52D544DF9D50E20E2BC48EF5AA99AB44EAB91793CEAB4BC95F72C04283CDA0F3B3F5B9367 X-Mras: OK X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jun 2017 15:25:53 -0000 Greetings I was deploying my new system based on FreeBSD 11 and got =F4 surprise. I have specific subsystem which use own startup scripts tied to rc.subr for better integration. Those scripts can be used not only by system= startup but also by unpriveleged user. With FreeBSD 11 in case of unpriveleged user the error appear: "limits: setrlimit datasize: Operation not permitted" There is a thread on a forum about the issue: https://forums.freebsd.org/th= reads/58304/ I've never seen a warning to do not use rc.subr in regular scripts so I made it this way. May be we can consider to patch rc.subr and remove this restriction? P.S. This patch helps, but may be there is a better way. --- /etc/rc.subr.old 2017-06-21 07:11:39.716210000 +0300 +++ /etc/rc.subr 2017-06-21 07:18:21.215444000 +0300 @@ -1072,7 +1072,9 @@ fi # Prepend default limits - _doit=3D"limits -C $_login_class $_doit" + if [ `id -u` -eq 0 ]; then + _doit=3D"limits -C $_login_class $_doit" + fi # run the full command # --=20 Anthony Pankov mailto:ap00@mail.ru