/etc/security/limits.conf not loaded on boot

Please find below bug report.

What is done:

sudo mkdir -p /etc/security/
sudo vi /etc/security/limits.conf
  user1 - priority -20
  user2 - priority -20
  user3 - priority -20

(file properly saved)

sudo reboot

[user1@CLR] $ nice
0

Expected:

[user1@CLR] $ nice
-20

Please kindly implement expected behaviour.
@ahkok

How did you login? did you login from the console? remotely over ssh?

[user1@CLR] $ nice

I don’t recognize this prompt format

I’m investigating this issue, may move it to our external github issue tracker.

Short answer: this is working as intended - manual steps are needed to make this work.

This isn’t a bug. By default pam_limits isn’t enabled for console logins and several other ways to switch user.

I’ve researched several other distributions and I don’t see this done differently in other distro’s (maybe there are some, but it appears at least that this isn’t standard).

The reason is pam_limits isn’t included in su or login or common-auth pam files. You can still manually set this up:

  • copy common-auth, su and maybe others from /usr/share/pam.d to /etc/pam.d
  • Modify it and add session required pam_limits.so to the relevant ones
  • create your /etc/security/limits.conf file as needed
2 Likes

@ahkok thank you very much. will give comments to both of your posts.

  1. I am logging in via ssh and via HP Integrated Remote Console.
  2. Thank you for checking the other distros and giving the guideline on how to try to make this work.
    Still it did not work.

What I did:
ssh login,

  1. copied common-auth , su and sshd from /usr/share/pam.d to /etc/pam.d
  2. added session required pam_limits.so to three files above
  3. created /etc/security/limits.conf
  4. reboot, log in via ssh.
    nice is still 0 instead of -20 (as in limits.conf for this user).

What exact files have to be copied to /etc/pam.d? If required I can send you all the files I created, etc.

For ssh you need to copy and modify /usr/share/pam.d/common-session.

If that last step also doesn’t work, there is another bug happening and we’ll need to delve even deeper.

Did the last step, still no success.

  1. copied common-session from /usr/share/pam.d to /etc/pam.d
  2. added session required pam_limits.so to the file above
  3. reboot, log in via ssh.
    nice is still 0 instead of -20 (as in limits.conf for this user).

I’m working on a fix for this…

2 Likes

hello, may I ask if the fix available already? or where can I monitor the changelog?

Linux-PAM-1.3.1-54 was pushed 12/3. It was in release 31800 or newer

I am on 31810 and still have no success with niceness. Did all the steps above.

alekperov@DS-IAACLR/etc/pam.d nice -n -20 vi common-session **nice: cannot set niceness: Permission denied** alekperov@DS-IAACLR/etc/pam.d sudo swupd check-update
Current OS version: 31810
Latest server version: 31810
There are no updates available

It works for me using console logins. I didn’t test anything else just yet. Clear version 31880+

Here’s what I had to do:

  • copy /usr/share/pam.d/common-session to /etc/pam.d/common-session and add a single line with session required pam_limits.so to the latter file.
  • create /etc/security/limits.conf with username - priority -20
  • reboot

Then, if I log in on the console, as the listed user, I can run /usr/bin/nice -n -20 bash and to confirm, ps -eo "%p %n %c"

Please double check you have the needed configs in place.

@ahkok I have sent a message to you with my configs. I have many lines in /etc/pam.d/common-session, maybe some of them override line with session required pam_limits.so ?

Still niceness does not work as expected. Please see my direct message. Please help.

I suggest recreating it according to my steps: copy the original and add the single line to it. This is what I did to make it work.