I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM.
I find I can't allocate more than 1GB to any process as root. ksh ulimit builtin provides me this when I try to set the hard limit unlimited. Even so, when I set the hard and soft limits for, say, 'ulimit -d' as root and then su my application user, the specified limit is unattainable. # ulimit -d 1048576 # ulimit -Hd unlimited # ulimit -d unlimited # ulimit -d 1048576 # su - xyz $ ulimit -d 524288 $ ulimit -d 1024575 ksh: ulimit: exceeds allowable limit Other operating systems have a configuration such as /etc/security/limits.conf. What is the equivalent in OpenBSD? -- Douglas Held [hidden email] +447986527654 |
On Sat, Jan 01, 2011 at 02:54:48PM +0000, Douglas Held wrote:
> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM. > > I find I can't allocate more than 1GB to any process as root. ksh > ulimit builtin provides me this when I try to set the hard limit > unlimited. 1GB is the hard limit in the kernel (for i386). There are a number of factors that play into this, the limitations of i386 with W^X, address space randomisation, space for mmap, etc. Basically the price you pay for OpenBSDs "invisible" security features. There are some recent patches on tech@ that raise the limit a bit, iirc. > > Even so, when I set the hard and soft limits for, say, 'ulimit -d' as > root and then su my application user, the specified limit is > unattainable. > > # ulimit -d > 1048576 > # ulimit -Hd unlimited > # ulimit -d unlimited > # ulimit -d > 1048576 > # su - xyz > $ ulimit -d > 524288 > $ ulimit -d 1024575 > ksh: ulimit: exceeds allowable limit > > Other operating systems have a configuration such as > /etc/security/limits.conf. What is the equivalent in OpenBSD? > > > -- > Douglas Held > [hidden email] > +447986527654 |
OK. 1GB hard limit, I can work with that.
What about the reduced limit for my non root user? For now I'll simply carry out my processing as root, but this can hardly be considered best practices. Doug On Sat, Jan 1, 2011 at 3:23 PM, Tobias Ulmer <[hidden email]> wrote: > On Sat, Jan 01, 2011 at 02:54:48PM +0000, Douglas Held wrote: >> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM. >> >> I find I can't allocate more than 1GB to any process as root. ksh >> ulimit builtin provides me this when I try to set the hard limit >> unlimited. > > 1GB is the hard limit in the kernel (for i386). There are a number of > factors that play into this, the limitations of i386 with W^X, address > space randomisation, space for mmap, etc. Basically the price you pay > for OpenBSDs "invisible" security features. > > There are some recent patches on tech@ that raise the limit a bit, iirc. > >> >> Even so, when I set the hard and soft limits for, say, 'ulimit -d' as >> root and then su my application user, the specified limit is >> unattainable. >> >> # ulimit -d >> 1048576 >> # ulimit -Hd unlimited >> # ulimit -d unlimited >> # ulimit -d >> 1048576 >> # su - xyz >> $ ulimit -d >> 524288 >> $ ulimit -d 1024575 >> ksh: ulimit: exceeds allowable limit >> >> Other operating systems have a configuration such as >> /etc/security/limits.conf. What is the equivalent in OpenBSD? >> >> >> -- >> Douglas Held >> [hidden email] >> +447986527654 >> > -- Douglas Held [hidden email] +447986527654 |
In reply to this post by Douglas Held
Hi Douglas,
Douglas Held wrote on Sat, Jan 01, 2011 at 02:54:48PM +0000: > I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM. > > I find I can't allocate more than 1GB to any process as root. ksh > ulimit builtin provides me this when I try to set the hard limit > unlimited. > > Even so, when I set the hard and soft limits for, say, 'ulimit -d' as > root and then su my application user, the specified limit is > unattainable. > > # ulimit -d > 1048576 > # ulimit -Hd unlimited > # ulimit -d unlimited > # ulimit -d > 1048576 > # su - xyz > $ ulimit -d > 524288 > $ ulimit -d 1024575 > ksh: ulimit: exceeds allowable limit > > Other operating systems have a configuration such as > /etc/security/limits.conf. What is the equivalent in OpenBSD? Have a look at login.conf(5). Of course, that will only work as far up as supported by your architecture. Yours, Ingo |
In reply to this post by Douglas Held
On Sat, Jan 01, 2011 at 03:53:09PM +0000, Douglas Held wrote:
> OK. 1GB hard limit, I can work with that. > > What about the reduced limit for my non root user? For now I'll > simply carry out my processing as root, but this can hardly be > considered best practices. Put the user in the "staff" class (login.conf(5), passwd(5)). The user can then raise its limits. > > Doug > > On Sat, Jan 1, 2011 at 3:23 PM, Tobias Ulmer <[hidden email]> wrote: > > On Sat, Jan 01, 2011 at 02:54:48PM +0000, Douglas Held wrote: > >> I've installed OpenBSD 4.7, i386 in a VMWare virtual machine with 3GB RAM. > >> > >> I find I can't allocate more than 1GB to any process as root. ksh > >> ulimit builtin provides me this when I try to set the hard limit > >> unlimited. > > > > 1GB is the hard limit in the kernel (for i386). There are a number of > > factors that play into this, the limitations of i386 with W^X, address > > space randomisation, space for mmap, etc. Basically the price you pay > > for OpenBSDs "invisible" security features. > > > > There are some recent patches on tech@ that raise the limit a bit, iirc. > > > >> > >> Even so, when I set the hard and soft limits for, say, 'ulimit -d' as > >> root and then su my application user, the specified limit is > >> unattainable. > >> > >> # ulimit -d > >> 1048576 > >> # ulimit -Hd unlimited > >> # ulimit -d unlimited > >> # ulimit -d > >> 1048576 > >> # su - xyz > >> $ ulimit -d > >> 524288 > >> $ ulimit -d 1024575 > >> ksh: ulimit: exceeds allowable limit > >> > >> Other operating systems have a configuration such as > >> /etc/security/limits.conf. What is the equivalent in OpenBSD? > >> > >> > >> -- > >> Douglas Held > >> [hidden email] > >> +447986527654 > >> > > > > > > -- > Douglas Held > [hidden email] > +447986527654 |
Free forum by Nabble | Edit this page |