Re: [Jack-Devel] su, limits, PAM and JACK
Jamie Heilman wrote:
> Jeremy Henty wrote:
> > Jamie Heilman wrote:
> >
> > > Chances are your PAM stack isn't configured to use pam_limits.so
> > > for su sessions, which means using su won't pay any attention to
> > > the setttings in limits.conf until it is. That said, don't do
> > > that. Using su programatically to switch users is a bad idea
> > > becuase su's behavior is notoriously unportable anyway.
> >
> > So, is there any good way to programatically switch users? I ask
> > because I have been trying to do that with su and I hit the same
> > problem as the OP.
>
> ... I'm a big fan of the supervision utilities written by djb
> (http://cr.yp.to/daemontools.html) and by extension runit
> (http://smarden.org/runit/)
I'm a daemontools fan too, but I don't think softlimit supports
setting the RT priority stuff that jackd requires so it is no help
here. Even if it did that would duplicate configuration in the PAM
and daemontools installations which irks me a little.
runit looks interesting (thanks for the link) but it's a complete Sysv
init replacement, which is a lot of work just to get one service
running properly.
It would be nice to just wrap a script in a PAM service. Do such
wrappers exist? Or are they too much of a security nightmare? I
suspect I'll end up adding pam_limits to /etc/pam.d/su , unless that's
also a security no-no.
Thanks for your help, some very interesting stuff there.
Jeremy Henty
1337757372.2590_0.ltw:2, <20120523071557.GF3304 at omphalos dot singularity>