
Re: ulimits



Hello,

Here are some answers to the questions you asked. If anyone realizes that any of the information is incorrect or inaccurate, please feel free to correct me :-)

On Sat, 23 Mar 2002 09:30:36 +0200
Hugo van der Merwe <s13361562@bach.sun.ac.za> wrote:

> Hello,
> 
> Recently a friend of mine was kind enough to hit refresh 700 times after
> requesting a depth 5 recursive validation from the validator on my web
> server. Its load levels went to above 150, hehe. Took me a couple of
> minutes to log in, and a couple to su to root, and more than 5 minutes
> to get the "killall validate.cgi" command executed. Quite amazing that
> the machine survived it all. GNU/Linux rules! ;)
> 
> Now I realise the time has come for me to set up some ulimits. I have
> some queries about the workings of /etc/security/ and /etc/pam.d/. If I
> set up limits in /etc/security/limits.conf, this will only apply to
> pam-enabled services with pam_limits.so in the corresponding file in
> /etc/pam.d/ ? Or does "login" cover everything?

If you edit /etc/pam.d/login to use pam_limits.so, it will set up limits for UIDs that utilize the login program (i.e. /bin/login) in some way.

> 
> I see the following in pam.d/kde:
> 
> password   required     pam_unix.so nullok obscure min=4 max=8 md5
> 
> What is the effect of this? I wanted to make my passwords 6 to 12, so I
> edited pam.d/login, is it necessary to e.g. edit the kde one too?
> (Everything appears to work well.)

When a PAM module has the control flag of "password", the module is concerned with password management, such as setting/resetting the authentication token of a user.

The line actually has no bearing on password creation, since the file that would really matter for that would be /etc/pam.d/passwd; in a simple sense it means that whenever KDE makes a call to refresh the user's authentication token, it will only care about a maximum of 8 characters of a user's password.

> 
> How would I give apache some ulimits, so that it doesn't spawn too many
> validators, or eat too much ram? (To me it doesn't look like simply
> editing /etc/security/limits.conf will work "out of the box" ?)

Try invoking ulimit from the apache initialization script.

> 
> Thanks,
> Hugo van der Merwe
> 
> ps: please CC. (busy week)

A good resource on Linux-PAM can be found at:
 
http://www.kernel.org/pub/linux/libs/pam/

Regards,
jovan rivera
<rewt@udel.edu>
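
The init-script approach suggested in the reply, as an added example that is not part of the original message: limits set with `ulimit` before the daemon starts are inherited by every process it forks, and `/proc/<pid>/limits` (Linux) confirms they took effect. The function names `start_limited` and `limit_of`, the limit values and the daemon path are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration; start_limited, limit_of and the values are assumptions.
MAX_VMEM_KB=524288   # ulimit -v: address space per process, KiB (512 MiB)
MAX_OPEN_FILES=256   # ulimit -n: open file descriptors per process

# Apply limits, then exec the daemon. Resource limits are inherited across
# fork/exec, so each CGI the daemon spawns is capped too. No PAM session is
# involved, so /etc/security/limits.conf is not consulted on this path.
start_limited() {
    (   # subshell: the calling init script keeps its own limits
        # Without -S/-H, ulimit sets soft and hard limits together; an
        # unprivileged child cannot raise a hard limit again.
        ulimit -v "$MAX_VMEM_KB"    || exit 1
        ulimit -n "$MAX_OPEN_FILES" || exit 1
        exec "$@"
    )
}

# Linux only: print "soft hard" for a named row of /proc/<pid>/limits, to
# confirm that a running daemon really carries the limits.
limit_of() {   # usage: limit_of PID "Max open files"
    sed -n "s/^$2  *\([^ ][^ ]*\)  *\([^ ][^ ]*\).*/\1 \2/p" "/proc/$1/limits"
}

# Example init-script usage (the daemon path is a placeholder):
#   start_limited /path/to/httpd
#   limit_of "$(cat /path/to/httpd.pid)" "Max open files"
```

The address-space cap applies to the daemon itself as well as its children, so it has to be large enough for the server's own working set.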

