ssh remote command execution and ulimit

Tags: linux, ssh, ulimit

I have the following script:

cat > /tmp/script.sh <<EndOfScript
#!/bin/sh
ulimit -n 8192
run_app
EndOfScript

which runs smoothly locally, it is always ok. But if I try to run it remotely through ssh:

scp /tmp/script.sh user@host:/tmp/script.sh
ssh user@host "chmod 755 /tmp/script.sh; /tmp/script.sh"

I got the error:

ulimit: open files: cannot modify limit: Operation not permitted

I also tried the following command:

ssh user@host "ulimit -n 8192"

same error.

It looks like ssh remote command execution is enforcing a 1024 hard limit on the nofile limit, but I cannot find out how to modify this default value. I tried to modify /etc/security/limits.conf and restart sshd, still the same error.

asked Dec 11 '09 11:12 by Long Cheng


2 Answers

Instead of using the workaround of /etc/initscript (and do not make a typo in that file.. :), if you just want sshd to honor the settings you made in /etc/security/limits.conf, you should make sure you have UsePAM yes in /etc/ssh/sshd_config, and /etc/pam.d/sshd lists session required pam_limits.so (or otherwise includes another file that does so).

That should be all there is to it.

In older versions of OpenSSH (<3.6 something) there was also a problem with UsePrivilegeSeparation that prevented limits being honored, but it was fixed in newer versions.

answered Sep 21 '22 16:09 by sajb
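
One way to check the two settings this answer names, as an added example that is not part of the original answer. The function names are made up for this illustration; the script reads the files it is given and changes nothing.

```shell
#!/bin/sh
# Added example; function names are made up for this illustration.

# usepam_enabled FILE: succeed if the first UsePAM line in FILE says "yes".
# sshd keeps the first value it reads for a keyword, and the upstream default
# without any UsePAM line is "no". Include directives are not followed.
usepam_enabled() {
    awk 'tolower($1) == "usepam" { v = $2; exit }
         END { exit !(v == "yes") }' "$1"
}

# pam_limits_loaded FILE [DEPTH]: succeed if FILE, or a file it pulls in with
# "@include NAME" or "session include|substack NAME", has an uncommented
# session line loading pam_limits.so. Relative names resolve beside FILE.
# The body is a subshell so the recursion keeps its own variables.
pam_limits_loaded() (
    file=$1; depth=${2:-0}
    [ -r "$file" ] && [ "$depth" -lt 8 ] || exit 1
    awk '{ sub(/^-/, "", $1) }
         $1 == "session" && $0 ~ /pam_limits\.so/ { found = 1 }
         END { exit !found }' "$file" && exit 0
    for inc in $(awk '$1 == "@include" { print $2 }
        $1 == "session" && ($2 == "include" || $2 == "substack") { print $3 }
        ' "$file"); do
        case $inc in /*) path=$inc ;; *) path=$(dirname "$file")/$inc ;; esac
        pam_limits_loaded "$path" $((depth + 1)) && exit 0
    done
    exit 1
)

# check_sshd_limits [SSHD_CONFIG] [PAM_FILE]: run both checks and report.
# Defaults are the paths named in the answer.
check_sshd_limits() {
    cfg=${1:-/etc/ssh/sshd_config}; pam=${2:-/etc/pam.d/sshd}; rc=0
    usepam_enabled "$cfg" || { echo "FAIL: UsePAM is not yes in $cfg"; rc=1; }
    pam_limits_loaded "$pam" || { echo "FAIL: no session pam_limits.so via $pam"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: sshd sessions load pam_limits"
    return "$rc"
}
```

Call `check_sshd_limits` with no arguments to test the live files. Where sshd_config uses Include, `sshd -T` prints the effective configuration and is the more reliable source for UsePAM.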


Finally figured out the answer: add the following to /etc/initscript:

ulimit -c unlimited
ulimit -HSn 65535
# Execute the program.
eval exec "$4"

answered Sep 19 '22 16:09 by Long Cheng