[sudo-users] file ulimit not set correctly

Thomas Falkenberg TFALKEN at de.ibm.com
Tue Feb 2 06:36:16 EST 2010


Hello,

I have a problem with the file ulimit setting after switching to another 
user using sudo.
If a user has a defined file limit, it will be reset to zero after using 
sudo to open a shell as another user.

Here are two examples:

Switching from general user to root user:

[3]:falkenbe at itc-netv1:/home/falkenbe $ ulimit -a
time(seconds)        unlimited
file(blocks)         209715200
data(kbytes)         131072
stack(kbytes)        32768
memory(kbytes)       32768
coredump(blocks)     2097151
nofiles(descriptors) unlimited

[3]:falkenbe at itc-netv1:/home/falkenbe $ sudo sh

[3]:falkenbe at itc-netv1:/home/falkenbe $ ulimit -a
sh: A file cannot be larger than the value set by ulimit.
time(seconds)        unlimited
file(blocks)         0
data(kbytes)         131072
stack(kbytes)        32768
memory(kbytes)       32768
coredump(blocks)     2097151
nofiles(descriptors) unlimited

Switching from root user to another user:

[5:root at itc-netv1:]/home/root # ulimit -a
time(seconds)        unlimited
file(blocks)         209715200
data(kbytes)         131072
stack(kbytes)        32768
memory(kbytes)       32768
coredump(blocks)     2097151
nofiles(descriptors) unlimited

[5:root at itc-netv1:]/home/root # sudo -u falkenbe sh

[5:root at itc-netv1:] # ulimit -a
sh: A file cannot be larger than the value set by ulimit.
time(seconds)        unlimited
file(blocks)         0
data(kbytes)         131072
stack(kbytes)        32768
memory(kbytes)       32768
coredump(blocks)     2097151
nofiles(descriptors) unlimited


The file /etc/security/limits has a unique setting for all users and only 
one entry for the default user:

default:
        fsize = 209715200
        core = 2097151
        cpu = -1
        data = 262144
        rss = 65536
        stack = 65536
        nofiles = -1

I use sudo version 1.7.2p2 on AIX 5.3:

[4]:falkenbe at itc-netv1:/home/falkenbe $ oslevel -s
5300-10-01-0921

[4]:falkenbe at itc-netv1:/home/falkenbe $ rpm -qi sudo
Name        : sudo                         Relocations: (not relocateable)
Version     : 1.7.2p2                           Vendor: (none)
Release     : 1                             Build Date: Tue Dec  8 11:19:20 MEZ 2009
Install date: Tue Feb  2 11:18:16 MEZ 2010      Build Host: aix51.perzl.org
Group       : Applications/System           Source RPM: sudo-1.7.2p2-1.src.rpm
Size        : 746434                           License: BSD
URL         : http://www.courtesan.com/sudo/
Summary     : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis.  It is not a replacement for the shell.  Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

Kind regards
Thomas Falkenberg 
E-Mail: tfalken at de.ibm.com 
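
Added example (not part of the original message and not sudo's own code): a shell check that converts the `default:` stanza quoted above into the values `ulimit -a` should print and reports every limit that differs, run here on the figures from the post. It assumes the limits file stores data, rss and stack in 512-byte blocks; `check_limits` and `demo` are names chosen for this example.

```sh
#!/bin/sh
# Added example, not from the post. Assumption: the limits file stores data,
# rss and stack in 512-byte blocks while `ulimit -a` prints them in kbytes
# (the post's figures fit: data = 262144 -> data(kbytes) 131072).

# check_limits STANZA_FILE ULIMIT_FILE
# Prints one line per limit whose effective value differs from the stanza.
check_limits() {
    awk '
    BEGIN {  # stanza key -> ulimit -a label, and divisor to the printed unit
        lab["cpu"] = "time";        dv["cpu"] = 1
        lab["fsize"] = "file";      dv["fsize"] = 1
        lab["core"] = "coredump";   dv["core"] = 1
        lab["nofiles"] = "nofiles"; dv["nofiles"] = 1
        lab["data"] = "data";       dv["data"] = 2
        lab["stack"] = "stack";     dv["stack"] = 2
        lab["rss"] = "memory";      dv["rss"] = 2
    }
    NR == FNR {  # first file: "key = value" lines; -1 means unlimited
        if ($2 == "=" && ($1 in lab))
            want[lab[$1]] = ($3 == -1) ? "unlimited" : sprintf("%d", $3 / dv[$1])
        next
    }
    {            # second file: "label(unit) value" lines from ulimit -a
        l = $1; sub(/\(.*/, "", l)
        if ((l in want) && ($2 "") != want[l])
            printf "%s: limits file gives %s, shell reports %s\n", l, want[l], $2
    }' "$1" "$2"
}

# demo: runs the check on values copied from the post (the default stanza and
# the `ulimit -a` output seen inside the sudo shell).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'default:' ' fsize = 209715200' ' core = 2097151' ' cpu = -1' \
        ' data = 262144' ' rss = 65536' ' stack = 65536' ' nofiles = -1' > "$d/limits"
    printf '%s\n' 'sh: A file cannot be larger than the value set by ulimit.' \
        'time(seconds) unlimited' 'file(blocks) 0' 'data(kbytes) 131072' \
        'stack(kbytes) 32768' 'memory(kbytes) 32768' 'coredump(blocks) 2097151' \
        'nofiles(descriptors) unlimited' > "$d/ulimit"
    check_limits "$d/limits" "$d/ulimit"
    rm -rf "$d"
}

demo
```

On a live system the second argument would be a capture such as `sudo sh -c 'ulimit -a' > after.txt`, and empty output means the shell's limits match the stanza.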


