[sudo-users] file ulimit not set correctly
Thomas Falkenberg
TFALKEN at de.ibm.com
Tue Feb 2 06:36:16 EST 2010
Hello,
I have a problem with the file ulimit setting after switching to another
user using sudo.
If a user has a defined file limit, it will be reset to zero after using
sudo to open a shell as another user.
Here are two examples:
Switching from general user to root user:
[3]:falkenbe at itc-netv1:/home/falkenbe $ ulimit -a
time(seconds) unlimited
file(blocks) 209715200
data(kbytes) 131072
stack(kbytes) 32768
memory(kbytes) 32768
coredump(blocks) 2097151
nofiles(descriptors) unlimited
[3]:falkenbe at itc-netv1:/home/falkenbe $ sudo sh
[3]:falkenbe at itc-netv1:/home/falkenbe $ ulimit -a
sh: A file cannot be larger than the value set by ulimit.
time(seconds) unlimited
file(blocks) 0
data(kbytes) 131072
stack(kbytes) 32768
memory(kbytes) 32768
coredump(blocks) 2097151
nofiles(descriptors) unlimited
Switching from root user to another user:
[5:root at itc-netv1:]/home/root # ulimit -a
time(seconds) unlimited
file(blocks) 209715200
data(kbytes) 131072
stack(kbytes) 32768
memory(kbytes) 32768
coredump(blocks) 2097151
nofiles(descriptors) unlimited
[5:root at itc-netv1:]/home/root # sudo -u falkenbe sh
[5:root at itc-netv1:] # ulimit -a
sh: A file cannot be larger than the value set by ulimit.
time(seconds) unlimited
file(blocks) 0
data(kbytes) 131072
stack(kbytes) 32768
memory(kbytes) 32768
coredump(blocks) 2097151
nofiles(descriptors) unlimited
The file /etc/security/limits has a unique setting for all users and only
one entry for the default user:
default:
fsize = 209715200
core = 2097151
cpu = -1
data = 262144
rss = 65536
stack = 65536
nofiles = -1
I use sudo version 1.7.2p2 on AIX 5.3:
[4]:falkenbe at itc-netv1:/home/falkenbe $ oslevel -s
5300-10-01-0921
[4]:falkenbe at itc-netv1:/home/falkenbe $ rpm -qi sudo
Name : sudo Relocations: (not relocateable)
Version : 1.7.2p2 Vendor: (none)
Release : 1 Build Date: Tue Dec 8 11:19:20 MEZ 2009
Install date: Tue Feb 2 11:18:16 MEZ 2010 Build Host: aix51.perzl.org
Group : Applications/System Source RPM: sudo-1.7.2p2-1.src.rpm
Size : 746434 License: BSD
URL : http://www.courtesan.com/sudo/
Summary : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
Kind regards
Thomas Falkenberg
E-Mail: tfalken at de.ibm.com
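
Added example (not part of the original post, and not sudo's or AIX's own code): a Python check that compares a stanza from /etc/security/limits with captured `ulimit -a` output and reports every attribute whose effective value differs, run here on the values from the post. The function names and the 512-byte-block unit for size attributes are assumptions of this example.

```python
import re

# limits attribute -> (label printed by `ulimit -a`, divisor to ulimit's unit).
# Assumption: size attributes are 512-byte blocks (data = 262144 -> 131072 kbytes).
ATTRS = {"cpu": ("time(seconds)", 1), "fsize": ("file(blocks)", 1),
         "data": ("data(kbytes)", 2), "stack": ("stack(kbytes)", 2),
         "rss": ("memory(kbytes)", 2), "core": ("coredump(blocks)", 1),
         "nofiles": ("nofiles(descriptors)", 1)}

def parse_limits(text, stanza="default"):
    """Return {attribute: int} for one stanza; -1 means unlimited."""
    current, values = None, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):  # blank line or comment
            continue
        if line.endswith(":"):
            current = line[:-1]
        elif current == stanza and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = int(value)
    return values

def parse_ulimit(text):
    """Return {label: int, or None for unlimited}; shell error lines are skipped."""
    found = re.findall(r"^\s*(\w+\(\w+\))\s+(unlimited|\d+)\s*$", text, re.M)
    return {label: None if v == "unlimited" else int(v) for label, v in found}

def mismatches(limits, effective):
    """List (attribute, expected, actual) where the shell differs from the stanza."""
    bad = []
    for attr, (label, div) in ATTRS.items():
        if attr in limits and label in effective:
            expected = None if limits[attr] == -1 else limits[attr] // div
            if effective[label] != expected:
                bad.append((attr, expected, effective[label]))
    return bad

# Values copied from the post: the default stanza, `ulimit -a` before sudo, and
# the output inside the sudo shell (an error line, then file(blocks) shown as 0).
LIMITS = ("default:\nfsize = 209715200\ncore = 2097151\ncpu = -1\n"
          "data = 262144\nrss = 65536\nstack = 65536\nnofiles = -1\n")
BEFORE = ("time(seconds) unlimited\nfile(blocks) 209715200\ndata(kbytes) 131072\n"
          "stack(kbytes) 32768\nmemory(kbytes) 32768\ncoredump(blocks) 2097151\n"
          "nofiles(descriptors) unlimited\n")
AFTER = ("sh: A file cannot be larger than the value set by ulimit.\n"
         + BEFORE.replace("file(blocks) 209715200", "file(blocks) 0"))

if __name__ == "__main__":
    print(mismatches(parse_limits(LIMITS), parse_ulimit(AFTER)))
```

An empty list for the pre-sudo output and a single fsize entry for the sudo shell confirms that only the file size limit is lost across the switch.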