touch-packages team mailing list archive

Thread
Date

[Bug 1268373] Re: pam_limits.so removed from /etc/pam.d/sudo in Precise

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: eraserix <eraserix@xxxxxxxxx>
Date: Tue, 28 Apr 2015 09:00:52 -0000
Reply-to: Bug 1268373 <1268373@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I stumbled across this while looking into how to setup pam so
pam_limits.so would be applied in various scenarios, at least sudo, su,
ssh login, shell login. This does not seem to be as trivial as just
adding it to common-session. Using common-session-noninteractive strikes
me as odd, e.g. sudo bash is quite interactive.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1268373

Title:
  pam_limits.so removed from /etc/pam.d/sudo in Precise

Status in sudo package in Ubuntu:
  Confirmed

Bug description:
  Hello,

  In the /etc/pam.d/sudo file installed by this package, pam_limits.so
  is no longer included in Precise.

  It was present in /etc/pam.d/sudo in Lucid:

  root@vm:~# grep pam_limits.so ./etc/pam.d/sudo
  session required pam_limits.so

  In Precise, the file looks like:

  root@vm:~# cat ./etc/pam.d/sudo
  #%PAM-1.0

  @include common-auth
  @include common-account
  @include common-session-noninteractive
  root@vm:~#

  The changelog for the sudo package mentions the addition of common-
  session-noninteractive, but doesn't mention why pam_limits.so was
  removed; pam_limits.so is not included in common-session-
  noninteractive either:

  --- sudo-1.7.4p6/debian/sudo.manpages	2011-05-23 07:01:02.000000000 +0000
  +++ sudo-1.8.3p1/debian/sudo.manpages	2011-10-26 23:04:10.000000000 +0000
  @@ -1,3 +1,3 @@
  -build-simple/sudo.man
  -build-simple/sudoers.man
  -build-simple/visudo.man
  +build-simple/doc/sudo.man
  +build-simple/doc/sudoers.man
  +build-simple/doc/visudo.man
  diff -Nru sudo-1.7.4p6/debian/sudo.pam sudo-1.8.3p1/debian/sudo.pam
  --- sudo-1.7.4p6/debian/sudo.pam	2011-05-23 07:01:02.000000000 +0000
  +++ sudo-1.8.3p1/debian/sudo.pam	2011-10-26 23:04:10.000000000 +0000
  @@ -2,6 +2,4 @@

   @include common-auth
   @include common-account
  -
  -session required pam_permit.so
  -session required pam_limits.so
  +@include common-session-noninteractive

  Best regards,
  Matt

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1268373/+subscriptions