From: ludo@gnu.org (Ludovic Courtès)
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel <guix-devel@gnu.org>
Subject: Re: [RFC] Support for pam_limits.so: “su” is ignored.
Date: Sat, 02 Apr 2016 16:44:53 +0200
Message-ID: <87vb40f4t6.fsf@gnu.org>
In-Reply-To: <874mbkxymn.fsf@elephly.net> (Ricardo Wurmus's message of "Sat, 02 Apr 2016 09:23:28 +0200")
[-- Attachment #1: Type: text/plain, Size: 3261 bytes --]
Ricardo Wurmus <rekado@elephly.net> writes:
> Ludovic Courtès <ludo@gnu.org> writes:
[...]
>> --8<---------------cut here---------------start------------->8---
>> $ ./pre-inst-env guix system build ~/src/configuration/pluto-configuration.scm
>> substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org'... 100.0%
>> substitute: updating list of substitutes from 'https://hydra.gnu.org'... 100.0%
>> La jenaj derivoj estos konstruataj:
>> /gnu/store/0fxwylcmdxy7bqmjpxwqf24v2x4yr53w-system.drv
>> /gnu/store/q254gqx3rgwxn98nsaz16z8rl58nhfkw-shepherd.conf.drv
>> /gnu/store/517cxw8xiniwsh9bfdp389qxlm9w5jj8-activate-service.drv
>> /gnu/store/ky8p3bq0xpj3lf989fz1ba3j2xycyiz6-activate.drv
>> /gnu/store/ljjl4zs722flxbpip8jdssqd549g7pay-boot.drv
>> /gnu/store/vz8745sdk0ph0rykxldwzmfa3a5r7cm1-etc.drv
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system
>> ludo@pluto ~/src/guix$ grep pam_limit /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/*
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/login:session required pam_limits.so conf=/etc/security/limits.conf
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/slim:session required pam_limits.so conf=/etc/security/limits.conf
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/su:session required pam_limits.so conf=/etc/security/limits.conf
>> --8<---------------cut here---------------end--------------->8---
>>
>> … where the configuration in question has (pam-limits-service) in its
>> ‘services’ field.
… in addition to ‘%base-services’ and a bunch of things.
> How odd. It does not work for me:
>
> rekado in guix: ./pre-inst-env guix system build /etc/config.scm
> substitute: updating list of substitutes from 'https://hydra.gnu.org'... 100.0%
> The following derivations will be built:
> /gnu/store/8pldcwijn1szpyc4cbm4z808sbdn18r0-system.drv
> /gnu/store/x2pigxf3mrf5crbmnjfxza8h3a70fvnv-activate-service.drv
> /gnu/store/nwm5gsfavv35g3hjgzi5xymhxhqf2g4l-activate.drv
> /gnu/store/38x73bdqj40wmy3lz8qnpfc20wb0dr6x-boot.drv
> /gnu/store/mlkssjhw4avm8a37yi0nfk4z4zd9bkj6-security.drv
> /gnu/store/1lxncnhdab3l732r144r5ww0y9rjq72f-etc.drv
> /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system
> rekado in guix: grep limits /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system/etc/pam.d/*
> /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system/etc/pam.d/login:session required pam_limits.so conf=/etc/security/limits.conf
> /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system/etc/pam.d/slim:session required pam_limits.so conf=/etc/security/limits.conf
>
> When my configuration looks like this:
>
> (services (list (pam-limits-service)))
>
> Then there’s one file containing pam_limits, namely “/etc/pam.d/su”.
That’s expected: in this case, there’s no ‘login’ and no ‘slim’.
> When my configuration looks like this, however:
>
> (services (cons* (pam-limits-service)
> %desktop-services))
>
> Then only “/etc/pam.d/login” and “/etc/pam.d/slim” contain pam_limits;
> “/etc/pam.d/su” does not.
Hmm, I can’t reproduce it. For instance, with this:
[-- Attachment #2: Type: text/x-patch, Size: 852 bytes --]
diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index 7cb461f..f98b6cf 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -33,13 +33,13 @@
;; Add a bunch of window managers; we can choose one at
;; the log-in screen with F1.
- (packages (cons* ratpoison i3-wm xmonad ;window managers
+ (packages (cons* ratpoison
nss-certs ;for HTTPS access
%base-packages))
;; Use the "desktop" services, which include the X11
;; log-in service, networking with Wicd, and more.
- (services %desktop-services)
+ (services (cons (pam-limits-service) %desktop-services))
;; Allow resolution of '.local' host names with mDNS.
(name-service-switch %mdns-host-lookup-nss))
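Review bot: In the packages form, dropping i3-wm and xmonad leaves the comment just above it ("Add a bunch of window managers; we can choose one at the log-in screen with F1") describing a choice that no longer exists, and the removal is unrelated to the pam_limits reproduction; keep the package list as it was, or split that change out and update the comment. In the services form, the comment still describes only the "desktop" services, so a short mention of (pam-limits-service) there would explain why it is consed onto %desktop-services. This reproduction uses cons where the failing configuration quoted earlier uses cons*; with a single prepended element the two are equivalent, so that difference does not explain the missing “su” entry.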
[-- Attachment #3: Type: text/plain, Size: 968 bytes --]
I get:
--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix system build gnu/system/examples/lightweight-desktop.tmpl
substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org'... 100.0%
substitute: updating list of substitutes from 'https://hydra.gnu.org'... 100.0%
[...]
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
$ grep pam_limit /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/*
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:session required pam_limits.so conf=/etc/security/limits.conf
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session required pam_limits.so conf=/etc/security/limits.conf
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/su:session required pam_limits.so conf=/etc/security/limits.conf
--8<---------------cut here---------------end--------------->8---
Could you try it?
Thanks,
Ludo’.
Thread overview: 11+ messages
2016-04-01 7:01 [RFC] Support for pam_limits.so: “su” is ignored Ricardo Wurmus
2016-04-01 11:00 ` Ludovic Courtès
2016-04-02 7:23 ` Ricardo Wurmus
2016-04-02 14:44 ` Ludovic Courtès [this message]
2016-04-02 17:34 ` Ricardo Wurmus
2016-04-03 21:42 ` Ludovic Courtès
2016-04-05 7:47 ` Ricardo Wurmus
2016-04-05 9:48 ` Ludovic Courtès
2016-07-17 19:52 ` [PATCH] Add pam-limits-service. (was: [RFC] Support for pam_limits.so: “su” is ignored.) Ricardo Wurmus
2016-07-18 12:29 ` [PATCH] Add pam-limits-service Ludovic Courtès
2016-07-20 5:28 ` Ricardo Wurmus