From owner-freebsd-questions@FreeBSD.ORG Sat Dec 27 07:36:20 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A166616A4CE for ; Sat, 27 Dec 2003 07:36:20 -0800 (PST) Received: from be-well.no-ip.com (lowellg.ne.client2.attbi.com [66.30.200.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C5AD43D45 for ; Sat, 27 Dec 2003 07:36:18 -0800 (PST) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: by be-well.no-ip.com (Postfix, from userid 1147) id 0D5646D; Sat, 27 Dec 2003 10:36:17 -0500 (EST) Sender: lowell@be-well.ilk.org To: freebsd-questions@freebsd.org References: <20031227030246.A14316-100000@bugs.elitsat.net> From: Lowell Gilbert Date: 27 Dec 2003 10:36:17 -0500 In-Reply-To: <20031227030246.A14316-100000@bugs.elitsat.net> Message-ID: <441xqqs26m.fsf@be-well.ilk.org> Lines: 27 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: setting login.conf doesn't limit my users X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2003 15:36:20 -0000 Alexander writes: > after setting a new login classes in login.conf the users still don't get > limited and worse - they can change the limits by themselves ! > > How do I restrict that ? > > I'm using FreeBSD 4.9-STABLE. Most of the users are using bash. They > are in the login class that should put them the limits and I ran cap_mkdb > /etc/login.conf after adding the new class. The users login via sshd. > > P.S. The FBSD handbook and the login.conf manpage doesn't help much. They > only say that I should put the limits I want in login.conf and everything > should be done. Do I miss something ? Well, for one thing sshd(8) doesn't use login(1) by default, so login.conf won't affect it at all. You can change that in login.conf(5), but doing so may have other consequences (I haven't had enough coffee today to remember what they could be; maybe checking mailing list archives would help). I think I'll go see if there's any coffee left... -- Lowell Gilbert, embedded/networking software engineer, Boston area: resume/CV at http://be-well.ilk.org:8088/~lowell/resume/ username/password "public"