
Re: maximum number of processes on kernel 2.4.x



On Tue, Mar 12, 2002 at 12:15:26PM +0100, Russell Coker wrote:
> BTW, why exactly do you need to have so many root owned processes?
> 
> Every root owned process is a potential security hole.  Is it possible to 
> make some of these things use non-root?

The server is running CommuniGate Pro, which must be run as root.  I'm
not particularly comfortable with the idea myself, but since the
server is only doing email, then if somebody compromises the mail
software, they have control over everything important that happens on
the server anyhow.

It looks like the real problem was actually the pam_limits module that
is being loaded from the various pam.d configuration files.  It was
doing a setrlimit(RLIMIT_NPROC, 256), which resulted in it not being
able to perform the various setuid/setgid calls and whatnot and then
spawn the login shell.

Thanks again for your help,

Wayne


-- 
Wayne A. Tucker - wtucker@donobi.com
Network Engineer, Donobi Inc.
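
Added example, not part of the original message: a shell script that lists which PAM service files load pam_limits and which nproc entries the module would read, the check that follows from the diagnosis above. The function names, the sample file contents and the `login`/`ssh` service names are constructed for illustration, and the assumption that the 256 limit comes from a limits.conf entry is mine.

```shell
#!/bin/sh
# Added example (not from the original message): find out which PAM services
# load pam_limits and which nproc limits that module would read.

# Print the name of every service file in PAM directory $1 that has an
# active (uncommented) line referencing pam_limits.so.
pam_limits_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*[^#[:space:]].*pam_limits\.so' "$f"; then
            basename "$f"
        fi
    done
}

# Print "domain type value" for every active nproc entry in the given
# limits files (format: <domain> <type> <item> <value>).
nproc_limits() {
    awk '!/^[[:space:]]*#/ && NF >= 4 && $3 == "nproc" { print $1, $2, $4 }' "$@"
}

# Build a constructed sample tree under directory $1 (assumed layout and
# values, chosen to mirror the 256-process limit mentioned above).
make_sample() {
    mkdir -p "$1/pam.d"
    printf '%s\n' 'auth     required pam_unix.so' \
                  'session  required pam_limits.so' > "$1/pam.d/login"
    printf '%s\n' 'auth     required pam_unix.so' \
                  '#session required pam_limits.so' > "$1/pam.d/ssh"
    printf '%s\n' '# <domain> <type> <item> <value>' \
                  '*        soft   nproc   256' \
                  '*        hard   nofile  4096' \
                  '#mail    hard   nproc   2048' > "$1/limits.conf"
}

# Demo on the constructed sample; point the functions at /etc/pam.d and
# /etc/security/limits.conf to audit a real host.
tmp=$(mktemp -d) || exit 1
make_sample "$tmp"
echo "services loading pam_limits:"; pam_limits_services "$tmp/pam.d"
echo "nproc entries:";               nproc_limits "$tmp/limits.conf"
rm -rf "$tmp"
```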



