[sudo-users] "nice sudo foo": "foo" does not inherit niceness

thomas thomas.bsd at gmail.com
Mon Aug 18 14:19:26 EDT 2008


2008/8/18 Todd C. Miller <Todd.Miller at courtesan.com>:
> In message <2753bafa0808180819v50e5bd19w62800a63ee3b553b at mail.gmail.com>
>        so spake thomas (thomas.bsd):
>
>> Hi list, here is my question:
>>
>> $ (nice sudo sleep 5 &);  ps -al | egrep '(^F|sleep)'
>> F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
>> 4 S     0 15823     1  0  80   0 -   754 -      pts/5    00:00:00 sleep
>>
>> Why doesn't "sleep" have a niceness of 10?
>>
>> Of course I do not want to add "nice" to /etc/sudoers and run "sudo
>> nice foo", that would be quite insecure :-/
>
> The pam_limits.so PAM module (see /etc/security/limits.conf) is
> resetting the nice value to zero.  You can remove pam_limits.so
> from /etc/pam.d/sudo but that will prevent the resource limits from
> being set based on the target user.

Thanks for the tip. I commented out "session required pam_limits.so"
in /etc/pam.d/sudo and this fixed the issue (although, as you
mentioned, this is not a perfect solution).

++
Thomas
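
Added example, not part of the original messages: a shell check that reports whether a PAM service file still has an active pam_limits.so session entry, which is the line that resets the nice value and also applies the target user's resource limits. The function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample PAM contents below are constructed.
# Real use: pam_limits_session_lines /etc/pam.d/sudo

# Print the active "session" entries that load pam_limits.so from a PAM
# service file (or stdin). Exit 0 if any is found, 1 otherwise.
# Limitation: "@include" / "include" / "substack" lines are not followed.
pam_limits_session_lines() {
    awk '
        { sub(/#.*/, "") }            # strip comments, so commented-out entries vanish
        NF < 3 { next }               # need at least: type control module
        {
            type = $1
            sub(/^-/, "", type)       # "-session" is still a session entry
            if (type != "session") next
            # The control may be bracketed ([success=ok default=bad]) and span
            # several fields, so look for the module in every later field.
            for (i = 3; i <= NF; i++) {
                n = split($i, parts, "/")
                if (parts[n] == "pam_limits.so") { print; found = 1; break }
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

sample_before() {   # constructed: the entry quoted in the thread, still active
    cat <<'EOF'
#%PAM-1.0
auth       required   pam_unix.so
session    required   pam_limits.so
EOF
}

sample_after() {    # constructed: the same entry commented out
    cat <<'EOF'
#%PAM-1.0
auth       required   pam_unix.so
#session    required   pam_limits.so
EOF
}

for s in sample_before sample_after; do
    printf '%s: ' "$s"
    "$s" | pam_limits_session_lines || echo "no active pam_limits.so session entry"
done
```

An exit status of 1 on the real file means sudo sessions no longer get limits.conf limits applied, which is the trade-off described in the quoted reply.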
