different ulimits when 'pbrun' to user

zxmaus · May 25, 2009, 1:31pm

Hi,

we run an application called powerbroker that is providing a secured and logged access to functional IDs like root or oracle.
Generally the functionality should not differ from a normal su - but I am right now experiencing some behaviour I cannot explain: when 2 different users are switching to the same functional ID, the ulimits seem to be different ... even though /etc/security/limits has the correct ulimits for this functional ID.
Does anybody know where else the wrong values could come from ?

Thanks and regards
zxmaus

zaxxon · May 27, 2009, 1:25am

What happens if you use the ID of the user and su - to that functional ID and check the limits? If this works, I guess, the software is not working correct or missing some kind of configuration parameter?
I just checked the website of powerbroker out of interest but their support seems not to be accessed easily.

zxmaus · May 27, 2009, 1:31am

Hi zaxxon,

uid and gid shown are exactly the same for the user with correct and for the user with incorrct ulimits ... that's what confuses me so much.
Even when I do a normal su to the fid the ulimits seem correct. It's only when users from a particular hostgroup do the pbrun the ulimits seem to be wrong - on this particular machine - on other machines its correct. That's why I believe the reason is on the box somewhere, not in the appliction.
Maybe I just have to live with it

Kind regards
zxmaus

funksen · May 27, 2009, 5:07am

limits work for user name and not for user id

check /etc/security/limits

example:

/etc/passwd: 
root:!:0:0::/:/usr/bin/ksh
blubb:!:0:0::/:/usr/bin/ksh

/etc/secuirty/limits
root:
        fsize = -1
        fsize_hard = -1
        stack_hard = -1
        rss = -1

blubb:
        fsize = 10000
        fsize_hard = 10000
        stack_hard = -1
        rss = -1

>su - root
>ulimit -a
time(seconds)        unlimited
file(blocks)         unlimited
data(kbytes)         131072
stack(kbytes)        32768
memory(kbytes)       unlimited
coredump(blocks)     2097151
nofiles(descriptors) 2000

>su - blubb
>ulimit -a
time(seconds)        unlimited
file(blocks)         10000
data(kbytes)         131072
stack(kbytes)        32768
memory(kbytes)       unlimited
coredump(blocks)     2097151
nofiles(descriptors) 2000

zxmaus · July 31, 2009, 1:27am

funksen,
thanks - I knew that and the ulimits were correct set in the system. I still don't know what really went wrong but since I rebooted the system, the ulimits are fine and in sync now. I assume some running process kept the older (wrong) limits though I initially thought a re-login of the user should refresh these ulimits ... apparently I was wrong
Kind regards
zxmaus