[CentOS] No ulimit for user

Stephen Nelson-Smith stephen at atalanta-systems.com
Tue Dec 8 15:46:28 UTC 2009


Hi,

I'm trying to remove any limit on open files for a user; I've set
username nofiles to unlimited in /etc/security/logins.conf, but now I
get "could not open session" if I try to su to the user.

singhh          -       nofile          unlimited

I think this is related to PAM, so I've modifed /etc/pam.d/su  and
/etc/pam.d/login to use pam_limits.so:

# cat /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         required        pam_limits.so
session         include         system-auth
session         optional        pam_xauth.so

# cat /etc/pam.d/login
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be
executed in the user context
session    required     pam_selinux.so pam_limits.so open
session    optional     pam_keyinit.so force revoke

What am I doing wrong?

S.


More information about the CentOS mailing list