On 28/01/2019 15.14, Brent Busby wrote:
> Jacek Konieczny <jajcus(a)jajcus.net> writes:
>
>> When using systemd to start the service, use systemd directives to set
>> the limits. systemd won't start a PAM session for this service, so
>> /etc/security/limits.conf is not used.
>
> Which kind of defeats the purpose of PAM being a central configuration
> for all your machine's security policies, doesn't it?

PAM is not a central configuration for a machine's security policies. It
has never been. PAM is just used for setting up user login sessions.
PAM has no relation to processes running with user credentials outside
of a login session, and the Jack server is not a service which necessarily
needs to be bound to a user session. Especially in an embedded scenario,
like a Raspberry Pi-based system.

Setting up a user session via PAM is overkill for a system-wide
daemon (and jack becomes such in this use case), and setting process
limits for such a daemon through the init process is the best place
to do it.

> Someday soon, if Red Hat keeps taking Linux in this direction, every
> config file in /etc will be like this, vestigial remains of a time when
> Linux machines were set up similar to other UNIX systems, now no longer
> used by any facility on your machine. Hail, systemd!

Although some systemd-based setups had problems with PAM settings being
ignored in a user session, this is not the case.

Starting jackd from an /etc/systemd/system unit is like starting it from
an /etc/init.d script. PAM wouldn't be used there (unless someone forces it
through 'su -') even a long time before systemd was a thing.

Jacek