From nobody@FreeBSD.org  Tue Oct  7 18:32:51 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C13AD1065697
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  7 Oct 2008 18:32:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id B066D8FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  7 Oct 2008 18:32:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id m97IWpSN036304
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 7 Oct 2008 18:32:51 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id m97IWpos036303;
	Tue, 7 Oct 2008 18:32:51 GMT
	(envelope-from nobody)
Message-Id: <200810071832.m97IWpos036303@www.freebsd.org>
Date: Tue, 7 Oct 2008 18:32:51 GMT
From: Alex Keda <admin@lissyara.su>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Not work limits from login.conf
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         127929
>Category:       kern
>Synopsis:       Not work limits from login.conf
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 07 18:40:02 UTC 2008
>Closed-Date:    Tue Oct 07 20:12:37 UTC 2008
>Last-Modified:  Tue Oct 07 20:12:37 UTC 2008
>Originator:     Alex Keda
>Release:        6.x; 7.x
>Organization:
USSR
>Environment:
FreeBSD hosting.lissyara.su 7.0-RELEASE-p4 FreeBSD 7.0-RELEASE-p4 #0: Sat Sep  6 21:22:33 MSD 2008     lissyara@hosting.lissyara.su:/tmp/obj/usr/src/sys/hosting  amd64

>Description:
I have this in login.conf:
===============
# test
limited:\
        :cputime-cur=20s:\
        :cputime-max=30s:\
        :cputime=30s:\
        :tc=default:
===============
I have account:
===========
lissyara:*:1000:1000:limited:0:0:Alex Keda:/home/lissyara:/bin/csh
===========
if I login from ssh and run
hosting$ cat /dev/random > /dev/null
Cputime limit exceeded
hosting$

it work.
==========
else, if I login as root and execute 'su lissyara'
- it not work. I can get more then 30 seconds cpu time.

some programs -  for example - suexec from apache, run processes from another users - and limits not work =(
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:

From: Mateusz Guzik <mjguzik@gmail.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/127929: Not work limits from login.conf
Date: Tue, 7 Oct 2008 21:32:16 +0200

 Hi.
 
 Switching to another user by simple `su user` doesn't change resource
 limits (as noted in the man page).
 
 Programs like suexec just call setuid(), while resource limits must be
 applied separately. You can search for (or write your own) patches that
 implement support for resource limits in suexec, these are easy to find.
 
 Good luck,
 --
 Mateusz Guzik
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Tue Oct 7 20:12:36 UTC 2008 
State-Changed-Why:  
It's mentioned that this is documented behaviour and that extensions to 
suexec are easy enough to find. Not a FreeBSD issue therefor. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127929 
>Unformatted:
