Hi,

So by the time that the shell is started, and whether or not it is a
login shell is determined, pam has finished all of her work.

A bit of probably pointless background.

pam was designed so that there were pluggable ways of expanding how
authentication and authorisation is done at login.   This way you can
authenticate with a password and authorise with /etc/passwd and
/etc/groups like we old timers do.  Or you can authenticate with ldap
and authorise with a local set of groups, or use Active Directory for
authentication and then ldap for authorisation, etc.

The limits setting is in the authorisation step.  A quick look on my
ubuntu based system shows that limits is called fo:

* cron

* lightdm - the GUI login manger.

* sshd - for ssh

* su

* sudo

Where on my PI it is called for

* cron

* lightdm

* login

* sshd

* su

* vncserver.

Now I use xrdp and it is not called in that case and I have tested
that limits are not set.

I'm guessing if one added in the line

session optional pam_limits.so

to which ever file is the vnc server file in /etc/pam.d on your ubuntu
it would work.  

cheers

bruce

On 2023-01-09T03:09:14.000+01:00, tim Rowledge <tim at rowledge.org>
wrote:

> The only additional suggestion I've received that might possibly make some sense is "is this an issue of login vs non-login shell?" Does that trigger any ideas for anyone?
> 
> And possibly of some value, I note that the config of Raspberry Pi OS does not have this problem; connecting via VNC results in an environment where the ulimit -r value is what we need. I tried poking around at the assorted directories but the limits and pam stuff are sufficiently different that it makes no sense to me.
> 
>>  On 2023-01-04, at 3:02 PM, tim Rowledge <tim at rowledge.org> wrote:
>>  
>>  After looking at various file in the /etc/pam.d directory, I also
>>  tried adding the 
>>  session required pam_limits.so [http://limits.so]
>>  line into the 
>>  - /etc/pam.d/common-session
>>  - /etc/pam.d/tigervnc file
>>  
>>  ... with no visible effect.
>>  
>>  And between each attempt I actually rebooted the machine, so it's
>>  definitely getting it's chance.
>>  
>>  So the current status is that
>>  - if I log in via ssh from my iMac, the ulimit -r result is what
>>  we want
>>  - if I try from a terminal running via the VNC desktop, it is not
>>  what we want.
>>  - if Squeak is run within a systemd file, it works by virtue of
>>  the LimitRTPRIO=2 command
>>  
>>  The system is x64 xubuntu with tigerVNC added. It may be of note
>>  that tigerVNC is running from a systemd file and that it seems to
>>  stop occasionally and require a manual restart. 
>>  
>>  tim
>>  --
>>  tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
>>  Useful random insult:- Full of wisdumb.
> 
> tim
> --
> tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
> Strange OpCodes: SEOB: Set Every Other Bit

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20230109/519652db/attachment-0001.html>