Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 157290 - vixie-cron missing pam configuration for limits
Summary: vixie-cron missing pam configuration for limits
Keywords:
Status: CLOSED DUPLICATE of bug 5162
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: vixie-cron
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jason Vas Dias
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks: 170445
TreeView+ depends on / blocked
 
Reported: 2005-05-10 09:08 UTC by Bastien Nocera
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Fixed In Version: vixie-cron-4.1-6_EL3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-21 19:08:20 UTC


Attachments (Terms of Use)

Description Bastien Nocera 2005-05-10 09:08:40 UTC
In the /etc/security/limits.conf file I increase, for example, the number of
open file handles allowed for a process.

# grep nofile /etc/security/limits.conf
dan        soft       nofile   10000
dan        hard      nofile   20000

In an SSH session I can verify the limits are being applied:

$ ulimit -n
10000


If, however, I setup a cron job as this user:

$ crontab -l
* * * * *  /bin/bash -c "ulimit > /tmp/ulimits.txt"

If I then look at the output the limits are not being applied

$ grep "open files" /tmp/ulimits.txt
open files              (-n)      1024


A little poking around reveals that the vixie-cron RPM is missing the PAM config
file neccessary to have session limits applied. If I create a file

# cat > /etc/pam.d/cron <<EOF
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
EOF

Restart the cron daemon

# /etc/init.d/crond restart


Then, wait for the job to run again it now picks up limits correctly

$ grep "open files" /tmp/ulimits.txt
open files              (-n) 10000

The lack of this PAM config is causing application jobs that would otherwise
work, to fail

Comment 1 Tomas Mraz 2005-05-10 12:11:48 UTC
Nope, this doesn't fix the problem at all. It only appears so to you.
The RHEL-3 vixie-cron version 3.0.1 doesn't have a pam support at all.

The reason why your trick works is that the limits established in the bash
session where you issue /etc/init.d/crond restart apply to the crond daemon and
thus apply to the user's processes called according to the crontab.

The RHEL-4 vixie-cron has pam support implemented.


Comment 2 Jason Vas Dias 2005-05-10 12:17:36 UTC
vixie-cron currently does not support PAM in RHEL-3 .

You can download vixie-cron-4.1-6_EL3, which does support PAM, and
which will hopefully be in RHEL-3-U6, from:
  http://people.redhat.com/~jvdias/vixie-cron/RHEL-3/

  

Comment 3 Jason Vas Dias 2005-05-10 12:19:45 UTC
*** Bug 157291 has been marked as a duplicate of this bug. ***

Comment 4 Jason Vas Dias 2005-05-10 12:22:18 UTC

*** This bug has been marked as a duplicate of 5162 ***

Comment 5 Jason Vas Dias 2005-05-10 12:24:09 UTC
BTW, the PAM configuration file for vixie-cron-4.1+ is
/etc/pam.d/crond , not
/etc/pam.d/cron


Comment 7 Jason Vas Dias 2005-10-14 15:33:14 UTC
This bug is fixed with vixie-cron-4.1-8_EL3, available from:
  http://people.redhat.com/~jvdias/cron/RHEL-3
and should be considered for inclusion in RHEL-3-U7 .

Comment 9 Red Hat Bugzilla 2006-02-21 19:08:20 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.