[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC]: Respect /etc/security/limits.conf
From: |
Ludovic Courtès |
Subject: |
Re: [RFC]: Respect /etc/security/limits.conf |
Date: |
Sun, 20 Sep 2015 18:41:39 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Ricardo Wurmus <address@hidden> skribis:
> The attached patch tries to add an entry for pam_limits.so, but I have
> no idea if this actually works or if this is the way it should be done.
> As far as I can tell we only need the pam_limits.so entry for
> “/etc/pam.d/login”, but I could not find where this file is generated.
It is generated based on the ‘pam-services’ field of the service
returned by ‘mingetty-service’.
Maybe it would be best to adjust just that part?
> Also, I wonder how users are supposed to edit /etc/security/limits.conf
> at all. I suppose they are not to edit anything in /etc anyway.
> pam_limits.so also reads *.conf files in “/etc/security/limits.d/” and
> maybe it would make sense for packages to provide a
> “$out/etc/security/limits.d/$name.conf” file with settings. For
> example, the “jack” packages could then provide
> “$out/etc/security/limits.d/realtime.conf”, which contains the
> following:
>
> @realtime - rtprio 99
> @realtime - memlock unlimited
>
> (See http://www.jackaudio.org/faq/linux_rt_config.html)
Is this PREFIX/etc/security/limits.d convention already used? If not,
I’d rather avoid inventing it. ;-)
What we could do is add a field in ‘operating-system’ to specify the
limits.conf file to install as /etc/security/limits.conf?
It would be even better to create Scheme data types that mirror the
settings of a limits.conf file (similar to what is done for PAM
settings), and have users fiddle with that rather than with a plain text
file.
> A user in the “realtime” group could then finally use JACK in realtime
> mode.
>
> What is the best way to make this work? (I really want to run JACK in
> realtime mode.)
(In the meantime I think your patch plus manual fiddling of
/etc/security/limits.conf does the job.)
Ludo’.