Hi Matthias,<div><br></div><div>limits.conf only takes effect when pam_limits module is run; as described by the small hurdle with Ubuntu in the linked thread.</div><div><br></div><div>start-stop-daemon (at least the version a part of dpkg) only uses setuid(2) to change the uid of the process</div>
<div><br></div><div><a href="http://dpkg.sourcearchive.com/documentation/1.15.5.6ubuntu2/start-stop-daemon_8c-source.html">http://dpkg.sourcearchive.com/documentation/1.15.5.6ubuntu2/start-stop-daemon_8c-source.html</a></div>
<div><br></div><div>(Unfortunately no line numbers, but it's the 2nd to last if clause at the bottom of the file)</div><div><br></div><div>I agree, it is ambiguous and limits should be set in one place for sanity and security.</div>
<div><br></div><div>I found there's modified version by Scot Dial <<a href="mailto:scot@scottdial.com">scot@scottdial.com</a>> in Gentoo that supports PAM, but I suspect it would take far longer to get Debian to adopt the changes.</div>
<div><br></div><div>Best,</div><div><br></div><div>John</div><div><br></div><div><div class="gmail_quote">On Wed, Apr 18, 2012 at 10:32 PM, Matthias Radestock <span dir="ltr"><<a href="mailto:matthias@rabbitmq.com">matthias@rabbitmq.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">John,<br>
<br>
On 18/04/12 22:55, John Watson wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
With the transition to start-stop-daemon, RabbitMQ isn't started with<br>
pam integration.<br>
</blockquote>
<br>
Right. See <a href="http://old.nabble.com/limits.conf-not-working...-td33702428.html" target="_blank">http://old.nabble.com/limits.<u></u>conf-not-working...-<u></u>td33702428.html</a><br>
<br>
Instead, the init script should source /etc/default/<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
rabbitmq-server so we can set ulimit there<br>
</blockquote>
<br>
Is there really no way to let the limits.conf limits take effect? I cannot think of a reason why that ever would be the wrong thing to do. Having a way to override that limit is convenient, but the default surely should be the limit configured for the user. Seems to me that start-stop-daemon is introducing gratuitous complexity here.<br>
<br>
Regards,<br>
<br>
Matthias.<br>
</blockquote></div><br></div>