0

I want to set security limits for every service in /etc/init.d, say

```
ulimit -c unlimited
```

but this should execute while issuing "service <process> start" or "/etc/init.d/<process> start".

Is there a generic path, so that if we write there it will apply to all the services while "starting" the service?

Sasikiran Vaddi
  • How about changing the per-user limit in `/etc/security/limits.conf`? – John Zwinck Oct 21 '14 at 06:55
  • Yes, I have done this, but after a process crash, if we start the service instead of restarting it, these configurations are not getting loaded. So in order to resolve this I thought of adding it in `start)` of every service, which is not the generic way to implement it. – Sasikiran Vaddi Oct 21 '14 at 06:58
  • Why would your settings not work when starting the service? This seems pretty strange to me. This may actually be a question for SuperUser. – John Zwinck Oct 21 '14 at 06:59
  • Don't know, but after a crash, if I restart the service I'm able to find the limits and the core dump is also getting created. But if I start instead of restarting, then the "core file size" is set to 0. Then if a process crash occurs, the core dump is not generated. – Sasikiran Vaddi Oct 21 '14 at 07:01

2 Answers

1

If you create a file like this:

`/etc/init.d/.commonStuff`

and put in it the commands you want to be common to all scripts (without a '#!/usr/bin/bash' line):

```
# This code is meant to be included by another script.
ulimit -c unlimited
umask 027
THIS_VARIABLE="will exist once the include is completed"
export THIS_VARIABLE    # And now it is exportable too
```

then in each script you can add these lines (in a convenient place):

```
# Include the common settings
. /etc/init.d/.commonStuff
```

The leading dot is the "include some other file" indicator.

Make sure that the new file is protected (i.e. owned by root), and remove the executable flag from it to make it clear it isn't meant to be executed on its own. (Access should be no more than 644.)

cpu
  • I found limits are loading properly for `Linux 3.13.0-32-generic` but it is not happening with `Linux 3.2.0-68-virtual`, even without doing the above stuff to add it in the `start)` section or creating a common file in `/etc/init.d`. – Sasikiran Vaddi Oct 27 '14 at 11:30
  • I had something like that happening before and I found that the script was not started as a "root" user. My suggestion would be to add these lines to your script (I can't separate lines in a comment, so I use a semicolon): `ulimit >>/usr/tmp/mytrace ; id >>/usr/tmp/mytrace` Those might help you figure out what is going on. – cpu Oct 27 '14 at 18:19
  • Thank you, it worked for me. Is there any other way by which "ulimits" will be configured after the start of every service? Now it is set to 0 after a crash. Only when I restart the service is it picked up from /etc/security/limits and set to "unlimited"; if I start instead of restarting, the core file size is set to 0. – Sasikiran Vaddi Oct 29 '14 at 11:45
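
The ownership and mode requirement from the answer above, as an added shell example that is not part of the original answers: it refuses to source the shared include unless it is a regular file (not a symlink), owned by the expected uid, with no permission bits beyond 644. The function names, the optional expected-uid argument and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answers): verify a shared init.d
# include before sourcing it. Function names are hypothetical.
# Assumes GNU coreutils stat (-c %u = owner uid, %a = octal mode).

# check_include FILE [UID] -> 0 if FILE is safe to source, 1 otherwise.
check_include() {
    ci_file=$1
    ci_uid=${2:-0}    # expected owner; defaults to root (uid 0)

    # A symlink could be retargeted by whoever can write its directory.
    if [ -L "$ci_file" ] || [ ! -f "$ci_file" ]; then
        echo "refusing $ci_file: not a regular file" >&2
        return 1
    fi

    ci_owner=$(stat -c %u "$ci_file") || return 1
    ci_mode=$(stat -c %a "$ci_file") || return 1

    if [ "$ci_owner" != "$ci_uid" ]; then
        echo "refusing $ci_file: owned by uid $ci_owner" >&2
        return 1
    fi

    # "No more than 644": any bit outside 0644 (mask 07133) is rejected,
    # i.e. group/other write, any execute bit, setuid/setgid/sticky.
    if [ $(( 0$ci_mode & 07133 )) -ne 0 ]; then
        echo "refusing $ci_file: mode $ci_mode exceeds 644" >&2
        return 1
    fi
    return 0
}

# include_common FILE [UID]: source FILE only when check_include passes.
include_common() {
    check_include "$@" || return 1
    . "$1"
}

# Usage inside an init script, instead of a bare ". /etc/init.d/.commonStuff":
#   include_common /etc/init.d/.commonStuff || exit 1
```

The check and the `.` are separate steps, so the guard only holds when the directory containing the include is itself writable by root alone.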
0

The files in /etc/init.d/ are pretty much all bash shell scripts. So this is a bit dirty, but you could replace /bin/sh with a script. You have to be very careful how you do it, though, so you don't bork your system in the process.

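First create a file sh.wrap in the current directory with these contents:

```
#!/bin/sh.real
# Wrapper installed as /bin/sh: raise the core file size limit, then
# hand over to the real shell with the original arguments.
ulimit -c unlimited
exec /bin/sh.real "$@"
```

Then install it like this:

```
chmod +x sh.wrap
sudo cp /bin/sh /bin/sh.real
sudo mv sh.wrap /bin/sh
```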

This is a dirty hack but it could work for what you want to do.

I recommend you figure out why using /etc/security/limits.conf is not working for you and use that instead, but I really hate "why would you do that?" answers.

jcoffland