[rabbitmq-discuss] Ubuntu/Debian limits in 2.8.x

John Watson john at disqus.com
Thu Apr 19 08:02:32 BST 2012


Hi Matthias,

limits.conf only takes effect when pam_limits module is run; as described
by the small hurdle with Ubuntu in the linked thread.

start-stop-daemon (at least the version a part of dpkg) only uses setuid(2)
to change the uid of the process

http://dpkg.sourcearchive.com/documentation/1.15.5.6ubuntu2/start-stop-daemon_8c-source.html

(Unfortunately no line numbers, but it's the 2nd to last if clause at the
bottom of the file)

I agree, it is ambiguous and limits should be set in one place for sanity
and security.

I found there's modified version by Scot Dial <scot at scottdial.com> in
Gentoo that supports PAM, but I suspect it would take far longer to get
Debian to adopt the changes.

Best,

John

On Wed, Apr 18, 2012 at 10:32 PM, Matthias Radestock
<matthias at rabbitmq.com>wrote:

> John,
>
> On 18/04/12 22:55, John Watson wrote:
>
>> With the transition to start-stop-daemon, RabbitMQ isn't started with
>> pam integration.
>>
>
> Right. See http://old.nabble.com/limits.**conf-not-working...-**
> td33702428.html<http://old.nabble.com/limits.conf-not-working...-td33702428.html>
>
>  Instead, the init script should source /etc/default/
>
>> rabbitmq-server so we can set ulimit there
>>
>
> Is there really no way to let the limits.conf limits take effect? I cannot
> think of a reason why that ever would be the wrong thing to do. Having a
> way to override that limit is convenient, but the default surely should be
> the limit configured for the user. Seems to me that start-stop-daemon is
> introducing gratuitous complexity here.
>
> Regards,
>
> Matthias.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120419/767a344f/attachment.htm>


More information about the rabbitmq-discuss mailing list