SSHD / ulimit problem

Bob_Vance — Mon, 10 Jan 2005 18:45:32 GMT

Running RedHat AS3 update3 on HP Itanium 1600.
SSHD is openssh-server-3.6.1p2-33.30.1.ia64.rpm

I have an issue with SSHD not working properly with 'ulimit'.
It seems that SSHD ignores the limits file.
I have the PAM file set up for SSHD.

Here is PAM file:

jamaica1 ## cat /etc/pam.d/sshd | sed 's/^/... /'
... #%PAM-1.0
... auth required pam_stack.so service=system-auth
... auth required pam_nologin.so
... account required pam_stack.so service=system-auth
... password required pam_stack.so service=system-auth
... session required pam_stack.so service=system-auth
... session required pam_limits.so
... session optional pam_console.so

This is my /etc/security/limits.conf (after a reboot):

jamaica1 ## grep -Ev '^#' /etc/security/limits.conf |grep -vE '^$'|sed 's/^/... /'
... * soft nproc 2047
... * hard nproc 32000
... * soft nofile 3000
... * hard nofile 65536
... oracle soft nproc 18000
... oracle hard nproc 20000
... oracle soft nofile 60000
... oracle hard nofile 65536

I have the following 2 lines at the end of ~oracle/.bash_profile:
echo ulimit -u -n
ulimit -u -n

Upon logging in as "oracle" via SSH, we get:

... max user processes (-u) 16331
... open files (-n) 1024

Now try some other various logins:

[oracle@jamaica1 oracle]$ su - oracle
... Password:
... ulimit -u -n
... max user processes (-u) 18000
... open files (-n) 60000

[oracle@jamaica1 oracle]$ rsh jamaica1
... Last login: Mon Jan 10 17:02:36 from bobvlxp.cnetics.com
... ulimit -u -n
... max user processes (-u) 18000
... open files (-n) 60000

[oracle@jamaica1 oracle]$ ssh oracle@jamaica1
... ulimit -u -n
... max user processes (-u) 16331
... open files (-n) 1024

Try from console:

jamaica1 login: oracle
... Password:
... Last login: Mon Jan 10 17:03:14 from jamaica1
... ulimit -u -n
... max user processes (-u) 18000
... open files (-n) 60000
[oracle@jamaica1 oracle]$ tty
... /dev/ttyS2

As you can see, both a local login (su or console) and RSH
work fine, but SSHD simply ignores the limits file.

The behavior is the same for BASH, ZSH, and KSH, so it's not the shell.

I cannot figure out where SSHD is getting these values,
... max user processes (-u) 16331
... open files (-n) 1024

The work-around is simply to do a 'su - oracle' after login,
but that's a little bit of a pain.
Besides, a body wants to know;>)

tks
bv

Re: SSHD / ulimit problem

Don_89 — Tue, 11 Jan 2005 15:28:38 GMT

I ran into this while setting up ulimits for oracle users..

In the sshd_config, set

UsePriviledgeSepatation no

and

service sshd restart

it should work. Checkout the man for sshd_config and it give an explaination..

www.linuxtech.cc

Re: SSHD / ulimit problem

Bob_Vance — Tue, 11 Jan 2005 18:11:27 GMT

Thanks, Don.
That was it!!

I'd never heard of "UsePrivilegeSeparation" before.

tks
bv

Re: SSHD / ulimit problem

Bob_Vance — Tue, 11 Jan 2005 18:12:49 GMT

Now i just have to figure out the ramifications of disabling it.

tks
bv

topic Re: SSHD / ulimit problem in Operating System - Linux

SSHD / ulimit problem

Re: SSHD / ulimit problem

Re: SSHD / ulimit problem

Re: SSHD / ulimit problem