[Security-Discuss] SSH, privilege separation and pam_limits
From: Vincent Haverlant (vincenthaverlant.org)
Date: Fri Sep 03 2004 - 06:41:40 CDT
Looking through the ML archive I saw that a problem related to ssh and
pam_limits has already arisen before. Here is what happens to me.
I noticed the same error message as mentioned a few months earlier:
Sep 2 14:54:48 sauron sshd: Accepted password for testssh from 127.0.0.1 port 52047 ssh2
Sep 2 14:54:48 sauron pam_limits: setrlimit 11 to -1073762236 failed: Operation not permitted
Sep 2 14:54:48 sauron sshd(pam_unix): session opened for user testssh by (uid=508)
Sep 2 14:54:48 sauron sshd: fatal: PAM session setup failed: Permission denied
This error prevents the user from logging in on the host.
In fact I have indeed specified limits in /etc/security/limits.conf:
testssh soft nofile 2048
testssh hard nofile 4096
I found a workaround, however, to this limits issue. By specifying
explicitly *not* to use privilege separation, the login is successful.
Could it be that sshd drops privileges too early to be able to use the
setrlimit call? Is this feature solved in the latest OpenSSH upstream
version? Should I somehow file a bug report? How?
.~. Vincent Haverlant -- Galadril -- #ICQ: 35695155
/V\ MSN: vincent_msnhaverlant.org -- http://www.haverlant.org/
/( )\ Parinux member: http://www.parinux.org/
^^-^^ GPG: 8FEA 52C2 5C54 A201 2375 0FA5 AF2E 1881 92D0 EE84
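
An added example, not part of the original post: a small log correlator that flags logins which authenticated but were then killed in PAM session setup after a pam_limits setrlimit failure, run over the four lines quoted above. The function name, the extra sample lines and the resource-number table (Linux generic x86 numbering) are assumptions.

```python
import re

# Constructed sample: the four syslog lines quoted in the post, followed by
# one made-up successful login that must not be flagged.
SAMPLE_LOG = """\
Sep 2 14:54:48 sauron sshd: Accepted password for testssh from 127.0.0.1 port 52047 ssh2
Sep 2 14:54:48 sauron pam_limits: setrlimit 11 to -1073762236 failed: Operation not permitted
Sep 2 14:54:48 sauron sshd(pam_unix): session opened for user testssh by (uid=508)
Sep 2 14:54:48 sauron sshd: fatal: PAM session setup failed: Permission denied
Sep 2 15:02:10 sauron sshd: Accepted password for alice from 127.0.0.1 port 52101 ssh2
Sep 2 15:02:10 sauron sshd(pam_unix): session opened for user alice by (uid=0)
"""

# Assumption: Linux generic (x86) resource numbering; other platforms differ.
RLIMIT_NAMES = {0: "RLIMIT_CPU", 1: "RLIMIT_FSIZE", 2: "RLIMIT_DATA", 3: "RLIMIT_STACK",
                4: "RLIMIT_CORE", 5: "RLIMIT_RSS", 6: "RLIMIT_NPROC", 7: "RLIMIT_NOFILE",
                8: "RLIMIT_MEMLOCK", 9: "RLIMIT_AS", 10: "RLIMIT_LOCKS",
                11: "RLIMIT_SIGPENDING", 12: "RLIMIT_MSGQUEUE"}

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+([^:\s]+):\s+(.*)$")
ACCEPTED = re.compile(r"^Accepted \S+ for (\S+) from (\S+)")
SETRLIMIT = re.compile(r"^setrlimit (\d+) to (-?\d+) failed: (.+)$")

def find_blocked_logins(log_text):
    """Return one finding per login that authenticated but was then killed in
    PAM session setup after pam_limits failed to apply a limit."""
    findings, login, failure = [], {}, {}   # per-host correlation state
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, host, tag, msg = m.groups()
        if tag.startswith("sshd") and (a := ACCEPTED.match(msg)):
            login[host] = a.groups()        # new login: forget any stale failure
            failure.pop(host, None)
        elif tag.startswith("pam_limits") and (s := SETRLIMIT.match(msg)):
            failure[host] = s.groups()
        elif tag.startswith("sshd") and "PAM session setup failed" in msg and host in failure:
            res, value, err = failure.pop(host)
            user, src = login.get(host, (None, None))
            findings.append({"time": when, "host": host, "user": user, "source": src,
                             "resource": int(res), "value": int(value), "error": err,
                             "resource_name": RLIMIT_NAMES.get(int(res), "unknown")})
    return findings

if __name__ == "__main__":
    for f in find_blocked_logins(SAMPLE_LOG):
        print(f)
```

The quoted lines carry no sshd PID, so correlation here is per host and in order; on a busy server, key the state on the PID in the syslog tag instead.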