Re: [Jack-Devel] su, limits, PAM and JACK

Prev	Next Index
Date	Wed, 23 May 2012 08:15:57 +0100
From	Jeremy Henty <[hidden] at starurchin dot org>
To	[hidden] at lists dot jackaudio dot org
In-Reply-To	Jamie Heilman Re: [Jack-Devel] su, limits, PAM and JACK
Follow-Up	Jamie Heilman Re: [Jack-Devel] su, limits, PAM and JACK

Jamie Heilman wrote:
> Jeremy Henty wrote:
> > Jamie Heilman wrote:
> > 
> > > Chances are your PAM stack isn't configured to use pam_limits.so
> > > for su sessions, which means using su won't pay any attention to
> > > the setttings in  limits.conf until it is.  That  said, don't do
> > > that.  Using  su programatically to  switch users is a  bad idea
> > > becuase su's behavior is notoriously unportable anyway.
> > 
> > So, is there any good  way to programatically switch users?  I ask
> > because I have been  trying to do that with su and  I hit the same
> > problem as the OP.
> 
> ...  I'm a  big  fan of  the  supervision utilities  written by  djb
> (http://cr.yp.to/daemontools.html)    and    by   extension    runit
> (http://smarden.org/runit/)

I'm  a daemontools  fan  too,  but I  don't  think softlimit  supports
setting the  RT priority stuff  that jackd requires  so it is  no help
here.  Even  if it did that  would duplicate configuration  in the PAM
and daemontools installations which irks me a little.

runit looks interesting (thanks for the link) but it's a complete Sysv
init  replacement, which  is a  lot of  work just  to get  one service
running properly.

It would  be nice to  just wrap  a script in  a PAM service.   Do such
wrappers  exist?  Or are  they too  much of  a security  nightmare?  I
suspect I'll end up adding pam_limits to /etc/pam.d/su , unless that's
also a security no-no.

Thanks for your help, some very interesting stuff there.

Jeremy Henty

Prev	Next Index

1337757372.2590_0.ltw:2, <20120523071557.GF3304 at omphalos dot singularity>