Zsh Mailing List Archive
RE: process limit/su problem
- X-seq: zsh-users 3596
- From: "Andrej Borsenkow" <Andrej.Borsenkow@xxxxxxxxxxxxxx>
- To: "Tarmo J?rvi" <tarmoj@xxxxxxxxx>, <zsh-users@xxxxxxxxxxxxxx>
- Subject: RE: process limit/su problem
- Date: Thu, 25 Jan 2001 15:34:37 +0300
- Importance: Normal
- In-reply-to: <23649114.980415184798.JavaMail.wls@webwl02>
- Mailing-list: contact zsh-users-help@xxxxxxxxxx; run by ezmlm
>
>
> Hello dear list,
>
> I have the following lines in /etc/zshenv to prevent fork-bombing etc
> by ordinary users:
>
> if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]
> then
> ulimit -H -u 64 -c 65536 -f 2097152 -n 128
> else
> ulimit -u 2048 -c 65536 -f 4194394 -n 1024
> fi
>
Limits are inherited. Granted, this should not apply to root, but it is most
probably a kernel (or RedHat) specific problem. Put ulimit -a; id -a at the top
of your /etc/zshenv to see actual limits and user rights.

If you have a more or less recent zsh (3.1.9 for sure) that supports the mapfile
module, you can avoid forking:

zmodload zsh/mapfile (this may be zmodload mapfile for older versions)
GNAME=${${(M)${(f@)${mapfile[/etc/group]}}:#[^:]##:[^:]#:$GID:*}%%:*}
UNAME=${${(M)${(f@)${mapfile[/etc/passwd]}}:#[^:]##:[^:]#:$UID:*}%%:*}
if [[ $GNAME = $UNAME && $UID -gt 14 ]];
...

Another (less daunting :-) way to do the same:

while read -r line
do
  # field 3 of an /etc/group entry is the numeric gid
  if [[ ${line[(ws/:/)3]} = $GID ]]; then
    GNAME=${line[(ws/:/)1]}
    break
  fi
done < /etc/group

and the same for /etc/passwd

-andrej

> Everything works nicely except 'su root' (by few selected "power
> users"). Usually my server is running about 100 processes owned by
> root. When I'm logged in as, for example, tarmoj and do 'su root',
> I get the following errors:
>
> /etc/zshenv: fork failed: resource temporarily unavailable [33]
>
> So, obviously, the process limit for user is limiting the execution
> of /etc/zshenv etc and thus (as root after 'su') I have to manually
> set higher process limit and set other variables.
>
> So, my question is, is there any other way to prevent this
> (other than ssh root@localhost)?
>
>
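
The check from the quoted /etc/zshenv, redone without any fork along the lines of the read loop in the reply; this is an added example, not code from the thread. The function names lookup_name, limit_class and apply_limits are hypothetical, and treating an id that cannot be resolved from the local files as restricted is an assumption of this example.

```sh
# Added example (not from the original thread): fork-free limit selection.
# lookup_name FILE ID: find the entry whose third colon-separated field is ID
# (the uid in /etc/passwd, the gid in /etc/group) and leave its name in REPLY.
# Only builtins are used, so it still works when the process limit blocks fork.
lookup_name() {
    local name pw id rest
    REPLY=
    while IFS=: read -r name pw id rest; do
        if [ "$id" = "$2" ]; then
            REPLY=$name
            return 0
        fi
    done < "$1"
    return 1    # not in the local file (for example an NIS or LDAP account)
}

# limit_class UID GID [PASSWD_FILE [GROUP_FILE]]: set REPLY to "restricted" or
# "default", mirroring the quoted test (user name equals group name, uid > 14).
limit_class() {
    local uname= gname=
    REPLY=default
    [ "$1" -gt 14 ] || return 0      # system accounts, root included
    lookup_name "${3:-/etc/passwd}" "$1" && uname=$REPLY
    lookup_name "${4:-/etc/group}" "$2" && gname=$REPLY
    # Assumption: an id that cannot be resolved locally fails closed.
    if [ -z "$uname" ] || [ -z "$gname" ] || [ "$uname" = "$gname" ]; then
        REPLY=restricted
    else
        REPLY=default
    fi
}

# For /etc/zshenv, where zsh provides $UID and $GID. The limit values are the
# ones from the quoted message. Defined here but not called.
apply_limits() {
    limit_class "$UID" "$GID"
    if [ "$REPLY" = restricted ]; then
        ulimit -H -u 64 -c 65536 -f 2097152 -n 128
    else
        ulimit -u 2048 -c 65536 -f 4194394 -n 1024
    fi
}
```

Results come back in REPLY rather than through command substitution, because `$(...)` would itself fork.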