* Grzegorz Pawel Szostak said: > Hi, > > > > > > > how to limit all of this ? > > > I've tried /etc/security/limits.conf but it seems to not work properly ... > > Hmm... the latest update to the pam libraries on potato fixed the problem > > with pam_limits module. But, you might want to use the lshell package which > > does basically the same. > I'm afraid you are wrong. I've installed lshell (Pawel Jochym suggested it > to me) but it doesn't suit me. ulimit -a says that for example memory It's enough if you limit the size of the data segments, number of processes and CPU time. The rest is just fine tuning the other parameters - after all, the data and stack is what takes 90% of the space. Limiting the image size of the binary executable is pointless - you've got full control over what the user can or cannot execute - just deny him the right to execute anything from his/her home directory. Then YOU are the one who controls the image sizes of all the executables - it's enough to limit the data/stack size. > usage is unlimited. Also Pawel suggested sollution with /etc/profile and > ulimit. My ulimit-line in /etc/profile looks now like: Still, you're assuming the entire world uses bash, which (fortunately) isn't true. As a side note - tcsh takes half the memory bash consumes and has all the sprinkles bash does. :)) > ulimit -d 2097148 -c 0 -n 64 -s 8192 -u 64 -l 4096 -m 4096 -v 8192 > > and it is good enough for me. And what about your user who wants to use ash, sash, csh, ksh, zsh, rc, pdmenu or whatever other shell s/he wants? marek
Attachment:
pgpfITCw6rYgB.pgp
Description: PGP signature