summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2005-06-07 07:41:23 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2005-06-07 07:41:23 +0000
commitfa433b9e2fa1a00e13df36a8b709ffda9e3e715b (patch)
treeb039e9ebc37c01d2f60d06b24d990a1c84b82045
parent346893dbef4b4697e3efbffd05d9de94d93263c3 (diff)
Relevant BUGIDs: Novell #81690
Purpose of commit: bugfix Commit summary: --------------- If the process priority is not specified in the limits.conf file, pam_limits should not reset the current one to zero.
-rw-r--r--CHANGELOG2
-rw-r--r--modules/pam_limits/README4
-rw-r--r--modules/pam_limits/pam_limits.c5
3 files changed, 8 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG
index bd193b76..0695b7f3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -83,6 +83,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
root and target user is not (t8m)
* pam_access: Add listsep option to set list element separator by
Richard Shaffer (t8m)
+* pam_limits: Don't reset process priority if none is specified in
+ the config file (Novell #81690 - kukuk)
0.79: Thu Mar 31 16:48:45 CEST 2005
* pam_tally: added audit option (toady)
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
index 32afb197..ac37afe1 100644
--- a/modules/pam_limits/README
+++ b/modules/pam_limits/README
@@ -6,8 +6,8 @@ THEORY OF OPERATION:
First, make a root-only-readable file (/etc/security/limits.conf by
default or INSTALLED_CONFILE defined Makefile) that describes the
-resource limits you wish to impose. No limits are imposed on UID 0
-accounts.
+resource limits you wish to impose. No priority changes and login
+limit checks are done on UID 0 accounts.
Each line describes a limit for a user in the form:
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index f7b228b8..eec3917a 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -248,7 +248,10 @@ static int init_limits(struct pam_limit_s *pl)
}
}
- pl->priority = 0;
+ errno = 0;
+ pl->priority = getpriority (PRIO_PROCESS, 0);
+ if (pl->priority == -1 && errno != 0)
+ retval = !PAM_SUCCESS;
pl->login_limit = -2;
pl->login_limit_def = LIMITS_DEF_NONE;