ulimit
Kees Cook
kees.cook at canonical.com
Wed Sep 9 18:38:23 UTC 2009
Hi,
On Wed, Sep 09, 2009 at 02:13:24PM -0400, Etienne Goyer wrote:
> Limits that you set in /etc/security/limits.conf are applied by the
> pam_limits.so PAM module. The PAM stack is configured in the various
> files you can find under /etc/pam.d/. Explaining how to configure PAM
> would be a bit long, so I refer you to the Linux PAM System
> Administrator Guide I linked to in my previous post for further details.
>
> That being said, I am afraid my last post was misleading, because PAM do
> not apply to daemons and services started by init AFAIK. As such, I am
> not sure how you would impose ulimit on daemon, but that is surely not
> through /etc/security/limits.conf. I will leave it to someone else to
> suggest a proper approach for your use-case.
While start-stop-daemon does not yet support[1] setting ulimits, you
should be able to add a ulimit call to your service's init script
directly. Though that is a bit of a hack. :)
In the future, once services have migrated to using Upstart, you can
set limits more easily. (See "limit"[2])
-Kees
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302079
[2] http://upstart.ubuntu.com/wiki/Stanzas
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-server
mailing list