[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
sudo and login classes
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: sudo and login classes
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Fri, 5 Oct 2001 13:21:02 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
imagine you run a fairly busy webserver. Thus you have created or modified a
login class (lets call it daemon) in /etc/login.conf to set openfiles and
maxprocs to high values. you applied this login class to root. When you boot
the machine and apache gets started everything is fine.
After mirades of uninterrupted service ;-)) you compile a new httpd binary
and need to stop and restart apache. Nice guy you are you login as normal
user (beeing in a login class with much stricter ressource limits - lets
call it default) and "sudo apachectl stop" + "sudo apachectl start". Voila,
your httpd has the limits of the default login class applied, NOT the one
I wouldn't exactly call this behaviour errorneous. But it is unexpected. The
only solution I know is to actually login as root and issue the apachectl
commands that way.
Is this the expected behaviour?
Should it be changed (is it possible at all?)?
(login classes are great. I just love 'em.)
* Henning Brauer, hostmaster_(_at_)_bsws_(_dot_)_de, http://www.bsws.de *
* BS Web Services, Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.
Visit your host, monkey.org