Re: maximum number of processes on kernel 2.4.x
On Tue, 12 Mar 2002 21:03, Wayne Tucker wrote:
> On Tue, Mar 12, 2002 at 12:15:26PM +0100, Russell Coker wrote:
> > BTW, why exactly do you need to have so many root owned processes?
> > Every root owned process is a potential security hole. Is it possible to
> > make some of these things use non-root?
> The server is running CommuniGate Pro, which must be run as root. I'm
> not particularly comfortable with the idea myself, but since the
> server is only doing email, then if somebody compromises the mail
> software, they have control over everything important that happens on
> the server anyhow.
> It looks like the real problem was actually the pam_limits module that
> is being loaded from the various pam.d configuration files. It was
That's a bug. A daemon should not be using pam unless it's for a user login.
I presume it was more than just the POP server having a problem...
> doing a setrlimit(RLIMIT_NPROC, 256), which resulted in it not being
> able to perform the various setuid/setgid calls and whatnot and then
> spawn the login shell.
Also you can edit /etc/security/limits.conf to change the settings...
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.