On Mon, May 05, 2014 at 12:44:01PM -0600, Nathan Duehr wrote: > Not processes started that change to a non-root user from a root/init/rc > script. No session. At least not from what I was seeing in 5.10. > Intended or not, it wasn't behaving like PAM was ever involved. :-) If you're doing it as "su user" then pam.d/su is called which calls system-auth which calls pam_limits. If you're doing it as "runuser" then pam.d/runuser is called which directly calls pam_limits If your program just does setreuid() calls (which it can do if started as root, or is setuid) then it's not going near PAM and so will inherit the kernel defaults (if started by init) or the user current values (if started by a user). -- rgds Stephen