Feature request: module [pam_limits]

Cedric Bhihe cedric.bhihe at gmail.com
Tue Mar 1 10:05:53 UTC 2016 

I really did not intend my suggestion to be a thermonuclear device.
I take yr comments seriously though; you have a point. That said, the
(perhaps weak) rationale behind introducing "group negation" in the 
`pam_limits`
syntax is certainly not muddying waters, but rather change default 
values for all
groups but the "negated" one. The same applies to users.
(I noticed yr comments only focused on groups. Does it mean you would 
second
the feature request for syntax applying to users ?)

Perhaps that makes no sense to some/most/you, but I would consider it handy
and an alternative to group range limit specification, around a specific 
group, whose
limit(s) you don't want to change.

As it stands, the existing pam_limits syntax allows us to express 
everything.
I suggest an alternate way of expressing things in certain cases where
blanket rules introduces concision. It may not conform to the spirit or 
the habits
of devs, perhaps breaking a rule unknown to me, along the lines of:
"You shan't provide alternative syntax to something that has one and 
ain't broken."
But that I don't know. I am just a user, not a dev.

If this was not already a burial, then the community will decide. Tis 
all. Cheers.
-ced


On 27/02/16 at 22:06, Ralf Mardorf wrote:
> #<domain>      <type>  <item>         <value>
> @foo           soft    nproc          20
> @foo           hard    nproc          50
>
> Every user who is _not_ in the group "foo", simply is _not_ in
> this group, it makes completely no sense to introduce a negation of
> being in a group, since the negation is already not being member of this
> group.
>
> [foo at linux ~]$ id foo
> uid=1000(foo) gid=1000(foo) groups=1000(foo)
>
> [foo at linux ~]$ id bar
> uid=1001(bar) gid=1001(bar) groups=1001(bar),1000(foo)
>
> [foo at linux ~]$ id jane_doe
> uid=1002(jane_doe) gid=1002(jane_doe) groups=1002(jane_doe)
>
> What would you gain by introducing a negation of being in a group? You
> only would lose clarity?
>
> You could set up a new group, if nobody should be in the group
> "foo", but the user "foo".
>
> #<domain>      <type>  <item>         <value>
> @npgroup       soft    nproc          20
> @npgroup       hard    nproc          50
>
> [foo at linux ~]$ id foo
> uid=1000(foo) gid=1000(foo) groups=1000(foo),50(npgroup)
>
> [foo at linux ~]$ id bar
> uid=1001(bar) gid=1001(bar) groups=1001(bar),50(npgroup)
>
> [foo at linux ~]$ id jane_doe
> uid=1002(jane_doe) gid=1002(jane_doe) groups=1002(jane_doe)
>

More information about the Ubuntu-devel-discuss mailing list