#10: The maxlogins limit doesn't work -----------------------+------------------------------ Reporter: wmknapik | Owner: pam-developers@… Type: defect | Status: new Priority: major | Component: library Version: 1.1.x | Keywords: maxlogins Blocked By: | Blocking: -----------------------+------------------------------ {{{ # We limit the max number of logins for user "user" to 1 on machine1. # The machine has since been rebooted. machine1 $ grep '^user.*maxlogins' /etc/security/limits.conf user soft maxlogins 1 user hard maxlogins 1 machine1 $ # On machine2 we have a simple test written as a makefile. machine2 $ cat test.mk MAKEFLAGS += -j tests := test1 test2 all: $(tests) $(tests): ssh -f -q -t -t -i key -p 22210 -o 'StrictHostKeyChecking no' user@machine1 "sleep 1d; echo $@" machine2 $ # We run the makefile in parallel (-j set in the makefile). machine2 $ make -f test.mk machine2 $ # Two processes managed to log in to machine1 despite the limit. machine2 $ pgrep -lf 'ssh.*test[12]$' 28871 ssh -f -q -t -t -i key -p 22210 -o StrictHostKeyChecking no user@machine1 sleep 1d; echo test2 28872 ssh -f -q -t -t -i key -p 22210 -o StrictHostKeyChecking no user@machine1 sleep 1d; echo test1 machine2 $ # Let's log into machine1 as root and see if there are actually two # sessions open for user "user". machine2 $ ssh -i key -p 22210 -o "StrictHostKeyChecking no" root@machine1 machine1 $ w USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT k3 pts/0 10.159.69.154 13:14 3:34 0.00s 0.00s bash -c sleep 1d; echo test1 k3 pts/1 10.159.69.154 13:14 3:34 0.00s 0.00s bash -c sleep 1d; echo test2 root pts/2 10.159.69.154 13:17 0.00s 0.03s 0.00s w machine1 $ # This test works as described above in at least one in 5 tries. # Sometimes the limits do work and the second ssh process is not let in. }}} -- Ticket URL: <https://fedorahosted.org/linux-pam/ticket/10> linux-pam <http://fedorahosted.org/linux-pam> The Linux-PAM (Pluggable Authentication Modules) project