Re: ulimit



On Thu, 08 Nov 2007, in the Usenet newsgroup comp.os.linux.security, in article
<1194494735.248243.325540@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Steven Borrelli wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

And please don't post the same question to multiple newsgroups.

> How can I (being root) prevent other users from changing their ulimit?

You can't. They can _reduce_ their limits, or increase them up to
the limits you set, but it's not easy to prevent anyone from changing
them below those maximum limits.

> I know this is possible in UNIX, but I'm not sure about Linux (i.e.
> Slackware, SUSE). By the way, how would I do it in UNIX? (i.e.
> Solaris, Darwin, or FreeBSD)

It's a _shell_ function, not an O/S. You're probably running a Bourne
type shell (sh, bash, ksh, or similar), and for that the built-in
command is 'ulimit'. For a 'c' type shell (csh, tcsh, and similar),
the command is 'limit'.

Limits are set in a login shell - so if you are using a text based
login and a Bourne shell, use /etc/profile. If using a 'csh' shell,
use ~/.login in the user's home directory. If using a 'tcsh' shell,
see the man page, as things vary as a function of how the shell is
compiled. For a _GUI_ login (runlevel 5 in a Linux Standard Base
compliant distribution)[1], you need to look at the man page for the
display manager used (gdm, kdm, wdm, xdm, etc.) as they usually
do NOT use a shell as the place to set things - .xinitrc, .xsession,
or similar - often in the user's home directory. For those files
that set the limits but are located _in_ the user's home directory,
you need to change ownership of that/those files to root:root, and
set the 'sticky bit' on the directory itself (chmod 1750 /home/mumble)
so that only the file _owner_ can delete the file.

Bottom line - see the man page for the shell used, and read the
sections about limits and shell invocation.

Old guy

[1] Mandriva 2008 is an exception. The GUI login shell scripts source
~/.bash_profile - which isn't much good in a 'csh' environment, but is
a start.
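
The soft/hard behaviour described in the reply above (lower freely, raise only up to the ceiling), as an added example that is not part of the original post. It uses the open-files limit (-n) as a sample resource; the function names pick_cap, attempt and report are made up for the illustration.

```shell
#!/bin/sh
# Added example: what a user can and cannot do once a ceiling is in place.
# Every change is made in a subshell, so the calling shell keeps its limits.

# Pick a ceiling below the current soft limit (assumption: half of it, or
# 64 when the current value is reported as "unlimited").
pick_cap() {
    cur=$(ulimit -S -n)
    case $cur in
        unlimited) echo 64 ;;
        *) echo $((cur / 2)) ;;
    esac
}

# attempt FLAG VALUE [FLAG VALUE ...]
# Sets soft and hard to the ceiling (as a line in /etc/profile would), then
# applies each "ulimit FLAG -n VALUE" in order. Prints "allowed" if every
# step succeeded, "denied" if any step was refused.
attempt() {
    cap=$(pick_cap)
    if (
        ulimit -n "$cap" || exit 1          # no -S/-H: sets both limits
        while [ $# -ge 2 ]; do
            ulimit "$1" -n "$2" || exit 1
            shift 2
        done
    ) 2>/dev/null; then
        echo allowed
    else
        echo denied
    fi
}

report() {
    cap=$(pick_cap)
    half=$((cap / 2))
    over=$((cap + 1))
    echo "ceiling (soft and hard):        $cap"
    echo "lower soft to $half:            $(attempt -S "$half")"
    echo "lower soft, then back to $cap:  $(attempt -S "$half" -S "$cap")"
    echo "raise soft past hard ($over):   $(attempt -S "$over")"
    echo "raise hard past ceiling ($over): $(attempt -H "$over")"
}

report
```

Run it as an ordinary user: a process with CAP_SYS_RESOURCE (normally root) is allowed to raise the hard limit, so the last line can read "allowed" there.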