[squeak-dev] x86 linux/ubuntu and security limit squeak.conf

tim Rowledge tim at rowledge.org
Mon Jan 9 19:46:36 UTC 2023


Thanks for the explanations - unfortunately adding that line didn't make any difference at all!

I tried adding a nonsense line to see if anything would be reported in the auth.log (or indeed the system log, the dmesg, anything I could find) and... nothing.

I did find one online report of the inverse problem - the user could set ulimits when logged in via VNC but *not* when ssh logged in. That didn't help either :-(

This really is weird...

Are there no other listers using ubuntu via VNC?

> On 2023-01-08, at 11:44 PM, Bruce O'Neel <bruce.oneel at pckswarms.ch> wrote:
> 
> Hi,
> 
> So by the time that the shell is started, and whether or not it is a login shell is determined, pam has finished all of her work.
> 
> A bit of probably pointless background.
> 
> pam was designed so that there were pluggable ways of expanding how authentication and authorisation are done at login. This way you can authenticate with a password and authorise with /etc/passwd and /etc/groups like we old timers do. Or you can authenticate with ldap and authorise with a local set of groups, or use Active Directory for authentication and then ldap for authorisation, etc.
> 
> The limits setting is in the authorisation step. A quick look on my ubuntu based system shows that limits is called for:
> 
> * cron
> * lightdm - the GUI login manager.
> * sshd - for ssh
> * su
> * sudo
> 
> Where on my PI it is called for
> 
> * cron
> * lightdm
> * login
> * sshd
> * su
> * vncserver.
> 
> Now I use xrdp and it is not called in that case and I have tested that limits are not set.
> 
> I'm guessing if one added in the line
> 
> session optional pam_limits.so
> 
> to whichever file is the vnc server file in /etc/pam.d on your ubuntu it would work.
> 
> cheers
> bruce
> On 2023-01-09T03:09:14.000+01:00, tim Rowledge <tim at rowledge.org> wrote:
> The only additional suggestion I've received that might possibly make some sense is "is this an issue of login vs non-login shell?" Does that trigger any ideas for anyone?
> 
> And possibly of some value, I note that the config of Raspberry Pi OS does not have this problem; connecting via VNC results in an environment where the ulimit -r value is what we need. I tried poking around at the assorted directories but the limits and pam stuff are sufficiently different that it makes no sense to me.
> 
> On 2023-01-04, at 3:02 PM, tim Rowledge <tim at rowledge.org> wrote:
> 
> After looking at various files in the /etc/pam.d directory, I also tried adding the
> session required pam_limits.so
> line into the 
> - /etc/pam.d/common-session
> - /etc/pam.d/tigervnc file
> 
> ... with no visible effect.
> 
> And between each attempt I actually rebooted the machine, so it's definitely getting its chance.
> 
> So the current status is that
> - if I log in via ssh from my iMac, the ulimit -r result is what we want
> - if I try from a terminal running via the VNC desktop, it is not what we want.
> - if Squeak is run within a systemd file, it works by virtue of the LimitRTPRIO=2 command
> 
> The system is x64 xubuntu with tigerVNC added. It may be of note that tigerVNC is running from a systemd file and that it seems to stop occasionally and require a manual restart. 
> 
> tim
> --
> tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
> Useful random insult:- Full of wisdumb.
> 
> 
> tim
> --
> tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
> Strange OpCodes: SEOB: Set Every Other Bit



tim
--
tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
boutique - a startling hardwood
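
Added example, not part of the original messages: a shell version of the check Bruce describes (which files in /etc/pam.d bring pam_limits.so into the session stack, directly or through an include), plus a way to read the realtime-priority limit of an already running process. The function names and the files written by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): which PAM services load pam_limits.so?

# uses_limits DIR SERVICE [DEPTH]: succeed if SERVICE's session stack in DIR
# loads pam_limits.so, directly or through an included file (names are
# taken relative to DIR). The ( ) body gives each call its own variables.
uses_limits() (
    dir=$1 file=$1/$2 depth=${3:-0}
    [ -r "$file" ] && [ "$depth" -lt 8 ] || exit 1   # depth cap stops include loops
    # Active (uncommented) session line naming the module.
    grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_limits\.so' "$file" && exit 0
    # Follow Debian-style "@include X" and "session include|substack X".
    for inc in $(awk '$1 == "@include" { print $2 }
        $1 ~ /^-?session$/ && ($2 == "include" || $2 == "substack") { print $3 }' "$file")
    do
        uses_limits "$dir" "$inc" $((depth + 1)) && exit 0
    done
    exit 1
)

# limits_report [DIR]: print "service yes|no" for every file in DIR.
limits_report() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        svc=${f##*/}
        if uses_limits "$dir" "$svc"; then echo "$svc yes"; else echo "$svc no"; fi
    done
}

# rtprio_of PID: soft "Max realtime priority" of a running process, the
# value that `ulimit -r` prints inside a shell.
rtprio_of() {
    awk '/^Max realtime priority/ { print $4 }' "/proc/$1/limits"
}

# make_sample DIR: constructed sample files, not copied from any real system.
make_sample() {
    printf 'session required pam_limits.so\n' > "$1/common-session"
    printf '@include common-auth\n@include common-session\n' > "$1/sshd"
    printf '# session required pam_limits.so\nauth required pam_unix.so\n' > "$1/tigervnc"
    printf 'auth required pam_unix.so\n' > "$1/common-auth"
}
```

Calling `limits_report` with no argument scans /etc/pam.d; `rtprio_of` with the PID of the VNC server or of a terminal's shell shows the limit that process actually received.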




