On Tue, 12 Mar 2002 21:03, Wayne Tucker wrote: > On Tue, Mar 12, 2002 at 12:15:26PM +0100, Russell Coker wrote: > > BTW, why exactly do you need to have so many root owned processes? > > > > Every root owned process is a potential security hole. Is it possible to > > make some of these things use non-root? > > The server is running CommuniGate Pro, which must be run as root. I'm > not particularly comfortable with the idea myself, but since the > server is only doing email, then if somebody compromises the mail > software, they have control over everything important that happens on > the server anyhow. > > It looks like the real problem was actually the pam_limits module that > is being loaded from the various pam.d configuration files. It was
That's a bug. A daemon should not be using pam unless it's for a user login. I presume it was more than just the POP server having a problem... > doing a setrlimit(RLIMIT_NPROC, 256), which resulted in it not being > able to perform the various setuid/setgid calls and whatnot and then > spawn the login shell. Also you can edit /etc/security/limits.conf to change the settings... -- If you send email to me or to a mailing list that I use which has >4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
