RE: process limit/su problem

["Andrej Borsenkow" <Andrej.Borsenkow@xxxxxxxxxxxxxx>]

>
>
> Hello dear list,
>
> I have following lines in /etc/zshenv to prevent fork-bombing etc
> by ordinary users :
>
> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
> then
>         ulimit -H -u 64 -c 65536 -f 2097152 -n 128
> else
>         ulimit -u 2048 -c 65536 -f 4194394 -n 1024
> fi
>

Limits are inherited. Granted, this should not apply to root, but it is most
probably kernel (or RedHat) specific problem. Put ulimt -a; id -a at the top
of your /etc/zshenv to see actual limits and user rights.


If you have more or less recent zsh (3.1.9 for sure) that supportts mapfile
module, you can avoid forking:

zmodload zsh/mapfile (this may be zmodload mapfile for older vresions)
GNAME=${${(M)${(f@)${mapfile[/etc/group]}}:#[^:]##:[^:]#:$GID:*}%%:*}
UNAME=${${(M)${(f@)${mapfile[/etc/passwd]}}:#[^:]##:[^:]#:$UID:*}%%:*}

if [[ $GNAME = $UNAME -a $UID -gt 14 ]];
 ...

another (less daunting :-) way to do the same

while read line
do
if [[ ${line[(ws/:/)3]} = $GID ]]; then
  GNAME=${line[(ws/:/)1]}
  break
done < /etc/group

and the same for /etc/passwd


-andrej

> Everything works nicely except 'su root' (by few selected "power
> users"). Usually my server is running about 100 processes owned by
> root. When I'm logged in as, for example, tarmoj and do 'su root',
> I get following errors:
>
> /etc/zshenv: fork failed: resource temporarily unavailable [33]
>
> So, obviously, the process limit for user is limiting the execution
> of /etc/zshenv etc and thus (as root after 'su' )I have to manually
> set  higher process limit and set other variables.
>
> So, my question is, is there any other way to prevent this
> (otherthan ssh root@localhost)?
>
>