Professional Documents
Culture Documents
Code:
root@testserver # useradd -d /export/home/george -m george
64 blocks
root@testserver # passwd george
New Password:
Re-enter new Password:
passwd: password successfully changed for george
root@testserver # tail -1 /etc/passwd
george:x:102:1::/export/home/george:/bin/sh
Now we create new project and set new value for process.max-stack-size:
Code:
root@testserver # projadd user.george
root@testserver # projmod -sK "process.max-stack-size=(basic,16384k,deny)"
user.george
root@testserver # tail -1 /etc/project
user.george:101::::process.max-stack-size=(basic,16777216,deny)
root@testserver # id -p george
uid=102(george) gid=1(other) projid=101(user.test)
As you can see, I didn't use any special command to assign this project for user george. It is
possible, because I use special name for project "user.george". With this method I can also assign
default project for group. I just must use "group.groupname".
In your example project is assigned to user george but it is not the default project.
You can check that with command projects. You should get something like this:
Code:
# projects
default accountusers
To set accountusers as default project for user george with your method you should add the
folowing line in file /etc/user_attr
Code:
george::::project=accountusers
I'm not sure what was your intention, but you set max-stack-size only to 16 kilobytes, so you get
Segmentation Fault.
In my example I use 16384k notation and in /etc/project we can see 16777216.
Now we can log as george and check our configuration:
Code:
root@testserver # su - george
george@testserver # id -p
uid=102(george) gid=1(other) projid=101(user.george)
george@testserver # prctl -n process.max-stack-size $$
process: 21059: -sh
NAME
PRIVILEGE
VALUE
FLAG
ACTION
process.max-stack-size
basic
16,0MB
deny
21059
system
8,00EB
max
deny
-
RECIPIENT
I'm not sure but I think that you don't need to set up pfcsh. It is shell used when we setup RBAC
but RBAC is not used in this case.
It still puzzles me that (basic,16384,deny) worked for /usr/bin/sh & /usr/bin/ksh yet only
(basic,16777216,deny) will worked for /usr/bin/csh. In other word, we dont need
/usr/bin/pfcsh but make sure that (basic,16777216,deny) is set instead.
Thank you so much for both of your help,