Bug#594377: sudo resets niceness

Tue, 31 May 2011 20:33:20 -0700 

tags 594377 confirmed
retitle 594377 pam_limits: don't change niceness for root
thanks

On Fri, Aug 27, 2010 at 03:39:29PM +0200, martin f krafft wrote:
> also sprach Bdale Garbee <bd...@gag.com> [2010.08.25.2103 +0200]:
> > Since the issue really seems to be undocumented defaults in pam_limits,
> > I'm reassigning this bug for resolution there.

> Since sudo uses pam_limits while su does not, maybe a note about the
> default behaviour — whether intended or not — should be added to the
> manpage so that one could find it searching for /nice/.

This behavior is the result of a Debian-specific patch to pam_limits that's
been carried for over a decade; it was added specifically *so that* the
default behavior of pam_limits would be sensible for su (i.e., that when user
foo has a low limit configured in limits.conf, and user bar has no limit
configured, su from foo to bar restores a sensible default).  So it's
strange that su doesn't use pam_limits by default where sudo does.

Note that for the most part, the defaults being applied are passed through
from the kernel.  (As a practical matter, in squeeze and earlier pam_limits
actually shadows the known kernel defaults; in wheezy and beyond, pam_limits
will instead pass through the kernel defaults by parsing /proc/1/limits.) So
we could document this fact with a pointer to /proc/1/limits (patch
welcome), but should not hard-code here any mention of specific values for
limits.

Now, as for the specific problem described here, namely sudo resetting the
niceness of the running process:  the Debian patch includes code that
special cases root here, setting the niceness back to 0 (the Unix default)
if it's currently set higher.  But this seems to be the case where it's
*least* beneficial to reset the niceness, because the superuser can just
raise the priority themselves if they need to anyway!  So I'm confirming
this bug; we should probably just revert that part of the Debian patch and
leave process priorities unmodified unless explicitly overridden in
limits.conf.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

Attachment: signature.asc
Description: Digital signature

Reply via email to