From c9c4b5d6c58ff4042576d228249148da67d58196 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Sat, 17 Jun 2006 10:29:10 +0000
Subject: Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2006-06-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/Makefile.am: Include Make.xml.rules.
        * modules/pam_limits/limits.conf.5: New, generated from xml file.
        * modules/pam_limits/limits.conf.5.xml: New.
        * modules/pam_limits/pam_limits.8: New, generated from xml file.
        * modules/pam_limits/pam_limits.8.xml: New.
        * modules/pam_limits/README.xml: New.
        * modules/pam_limits/README: Regenerated from README.xml.
---
 modules/pam_limits/pam_limits.8.xml | 230 ++++++++++++++++++++++++++++++++++++
 1 file changed, 230 insertions(+)
 create mode 100644 modules/pam_limits/pam_limits.8.xml

(limited to 'modules/pam_limits/pam_limits.8.xml')

diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
new file mode 100644
index 00000000..78060a20
--- /dev/null
+++ b/modules/pam_limits/pam_limits.8.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+                   "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_limits'>
+
+  <refmeta>
+    <refentrytitle>pam_limits</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id='pam_limits-name'>
+    <refname>pam_limits</refname>
+    <refpurpose>
+      PAM module to limit resources
+    </refpurpose>
+  </refnamediv>
+
+<!-- body begins here -->
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_limits-cmdsynopsis">
+      <command>pam_limits.so</command>
+      <arg choice="opt">
+        change_uid
+      </arg>
+      <arg choice="opt">
+        conf=<replaceable>/path/to/limits.conf</replaceable>
+      </arg>
+      <arg choice="opt">
+        debug
+      </arg>
+      <arg choice="opt">
+        utmp_early
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+
+  <refsect1 id="pam_limits-description">
+    <title>DESCRIPTION</title>
+    <para>
+      The pam_limits PAM module sets limits on the system resources that can be
+      obtained in a user-session. Users of <emphasis>uid=0</emphasis> are affected
+      by this limits, too.
+    </para>
+    <para>
+      By default limits are taken from the <filename>/etc/security/limits.conf</filename>
+      config file.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_limits-options">
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+        <term>
+          <option>change_uid</option>
+        </term>
+        <listitem>
+          <para>
+            Change real uid to the user for who the limits are set up. Use this
+            option if you have problems like login not forking a shell for user
+            who has no processes. Be warned that something else may break when
+            you do this.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>conf=<replaceable>/path/to/limits.conf</replaceable></option>
+        </term>
+        <listitem>
+          <para>
+            Indicate an alternative limits.conf style configuration file to
+            override the default.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>debug</option>
+        </term>
+        <listitem>
+          <para>
+            Print debug information.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>utmp_early</option>
+        </term>
+        <listitem>
+          <para>
+            Some broken applications actually allocate a utmp entry for
+            the user before the user is admitted to the system. If some
+            of the services you are configuring PAM for do this, you can
+            selectively use this module argument to compensate for this
+            behavior and at the same time maintain system-wide consistency
+            with a single limits.conf file.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_limits-services">
+    <title>MODULE SERVICES PROVIDED</title>
+    <para>
+      Only the <option>session</option> service is supported.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_limits-return_values">
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+        <term>PAM_ABORT</term>
+        <listitem>
+           <para>
+             Cannot get current limits.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_IGNORE</term>
+        <listitem>
+           <para>
+             No limits found for this user.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_PERM_DENIED</term>
+        <listitem>
+          <para>
+            New limits could not be set.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SERVICE_ERR</term>
+        <listitem>
+           <para>
+             Cannot read config file.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SESSEION_ERR</term>
+        <listitem>
+           <para>
+             Error recovering account name.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SUCCESS</term>
+        <listitem>
+           <para>
+             Limits were changed.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_USER_UNKNOWN</term>
+        <listitem>
+           <para>
+             The user is not known to the system.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_limits-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/etc/security/limits.conf</filename></term>
+        <listitem>
+          <para>Default configuration file</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_limits-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      For the services you need resources limits (login for example) put a
+      the following line in <filename>/etc/pam.d/login</filename> as the last
+      line for that service (usually after the pam_unix session line):
+    </para>
+    <programlisting>
+#%PAM-1.0
+#
+# Resource limits imposed on login sessions via pam_limits
+#
+session  required  pam_limits.so
+    </programlisting>
+    <para>
+      Replace "login" for each service you are using this module.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_limits-see_also">
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_limits-authors">
+    <title>AUTHORS</title>
+    <para>
+      pam_limits was initially written by Cristian Gafton &lt;gafton@redhat.com&gt;
+    </para>
+  </refsect1>
+</refentry>
-- 
cgit v1.2.3