[systemd-devel] Antw: [EXT] Re: Per user limit defaults in systemd.conf
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Wed Sep 2 08:39:43 UTC 2020
>>> Lennart Poettering <lennart at poettering.net> wrote on 01.09.2020 at 16:30
in message <20200901143043.GA264071 at gardel-login>:
> On Mo, 31.08.20 17:34, Joshua Miller (joshuamiller01 at gmail.com) wrote:
>
>> Is there a way to set per-user defaults for values in systemd.conf? e.g.
>> I'd like to set DefaultLimitMEMLOCK for the 'app' user (User=app), such
>> that all units run as User=app get the setting.
>
> Something like that does not exist.
The question is:
Should it be done when starting some process? If so, I guess the unit file
could apply the limits.
If it should be done for a user session, then Lennart mentioned how to do it.
>
>> I'm looking for a way to do what's done via pam_limits per limits.conf
>> (e.g. `username hard nofile 512`)
>
> Nope, that's not what limits.conf does. limits.conf is only applied by
> pam_limits, i.e. whenever a PAM session is opened. And that typically
> means at login-time. (Some sloppy init scripts might have used "su" to
> request a PAM login session even for system services back in sysv, but
> that's really sloppy, people should use "setpriv" for that).
>
> Anyway, do you want this for login users or for system services?
> Initially your reference to User= suggests the latter, but your
> reference to PAM suggests the former. What is it now?
>
> You can use PAMName= in service unit files to allocate a PAM session
> for them too (and thus also go through pam_limits if you configure the
> stack like that). But it's a bit of a misuse to do so, given that PAM
> isn't really what system services should bother with.
>
> Lennart
>
> --
> Lennart Poettering, Berlin
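
The two options discussed in this thread for a system service running as User=app, as an added example that is not part of the original message or of the systemd project's own files. The unit name app-worker.service, the 64M value and the PAM service name app-limits are assumptions.

```ini
# /etc/systemd/system/app-worker.service.d/10-limits.conf
# (hypothetical unit name; one such drop-in is needed per unit that runs
#  as "app", since no per-user default exists)
[Service]
User=app
# Applied by systemd itself when it starts the service; no PAM session
# is opened, so limits.conf is never consulted for this unit.
LimitMEMLOCK=64M

# --- Alternative: route the service through pam_limits ---
# Described in the thread as a bit of a misuse for system services.
# /etc/systemd/system/app-worker.service.d/20-pam.conf
# [Service]
# User=app
# PAMName=app-limits
#
# /etc/pam.d/app-limits (hypothetical PAM service name) must load the module:
#   session required pam_limits.so
# and /etc/security/limits.conf carries the per-user value (memlock is in KB):
#   app hard memlock 65536
```

After `systemctl daemon-reload` and a restart of the unit, `systemctl show -p LimitMEMLOCK app-worker.service` reports the value systemd applied.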