Bugtraq mailing list archives

Re: pam limits drops privileges


From: Lukasz Trabinski <lukasz () lt wsisiz edu pl>
Date: Sun, 9 Sep 2001 18:53:13 +0200 (CEST)

On Sat, 8 Sep 2001, Tarhon-Onu Victor wrote:

      Man, come on, let test login, what the hell?! I want to show there
is a bug here, not to give you the opportunity to show everyone that your
limits work. They work for me too, but you're missing the point. I told
you to kill all test's processes before trying this. Well, you didn't, and
that's why it doesn't work.

OK, sorry!
I would like to CONFIRM this bug :-), My last tests were not very
precise. :)

There is a little test:

There is a test user:

lt:~$ id test
uid=503(test) gid=509(test) groups=509(test)
pam-0.74-22

Only root is logged in on console tty1

Now, I try to log in as user test on tty2:

login: test
Password:
Last login: Sun Sep  9 18:29:38 on tty2
lt:~# id
uid=0(root) gid=0(root) groups=509(test)

Taadam. Test user has uid=0 and gid=0 :-)



If we remove line:
@test           -       maxlogins       2
from /etc/security/limits.conf
or line:
session    required     /lib/security/pam_limits.so
from /etc/pam.d/login it works correctly, we can log in as test on tty2
without root privilege. :-)

login: test
Password:
Last login: Sun Sep  9 18:29:28 on tty1
lt:~$ id
uid=503(test) gid=509(test) groups=509(test)


bash-2.05$ rpm -q pam
pam-0.74-22
bash-2.05$ uname -r
2.4.9



-- 
*[ Łukasz Trąbiński ]*
SysAdmin @wsisiz.edu.pl
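
One way to audit a host for the configuration pair described in the message above (a maxlogins entry in limits.conf together with an active pam_limits.so session line), as an added example that is not part of the original post. The function names and sample files are constructed for illustration; on a real system pass /etc/security/limits.conf and /etc/pam.d/login as arguments.

```shell
#!/bin/sh
# Added example: flags the configuration pair reported in this post.
# File paths are arguments, so the check can run on copies of the real files.

# Print "domain value" for every active limits.conf entry whose item is maxlogins.
maxlogins_entries() {
    awk '$1 !~ /^#/ && NF >= 4 && $3 == "maxlogins" { print $1 " " $4 }' "$1"
}

# Succeed if the PAM service file has an uncommented session line for pam_limits.so.
uses_pam_limits() {
    awk '$1 == "session" && $0 ~ /pam_limits\.so/ { found = 1 }
         END { exit !found }' "$1"
}

# Return 0 when both conditions from the report are present, 1 otherwise.
check_pair() {
    limits_file=$1
    pam_file=$2
    entries=$(maxlogins_entries "$limits_file")
    if [ -n "$entries" ] && uses_pam_limits "$pam_file"; then
        echo "maxlogins enforced through pam_limits for: $entries"
        return 0
    fi
    return 1
}

# Constructed sample files that mirror the two lines quoted in the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# constructed sample' \
    '@test           -       maxlogins       2' > "$demo_dir/limits.conf"
printf '%s\n' 'session    required     /lib/security/pam_limits.so' \
    > "$demo_dir/login"
printf '%s\n' '#session    required     /lib/security/pam_limits.so' \
    > "$demo_dir/login.off"

check_pair "$demo_dir/limits.conf" "$demo_dir/login" || true
check_pair "$demo_dir/limits.conf" "$demo_dir/login.off" \
    || echo "pair not present when the pam_limits line is commented out"
```
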

