diff options
| author | Dhaval Giani <dhaval@linux.vnet.ibm.com> | 2008-08-15 19:52:13 +0000 |
|---|---|---|
| committer | Dhaval Giani <dhaval@linux.vnet.ibm.com> | 2008-08-15 19:52:13 +0000 |
| commit | 3efa319b43fb1f66a96e5001c9e5cba51f854370 (patch) | |
| tree | c3eeed04678a1af925ec0ca7daa3b456070d80d8 /README | |
| parent | cd92488a0992f550d6f6bef4e5fa28bf8224f222 (diff) | |
| download | libcg-3efa319b43fb1f66a96e5001c9e5cba51f854370.tar.gz libcg-3efa319b43fb1f66a96e5001c9e5cba51f854370.tar.xz libcg-3efa319b43fb1f66a96e5001c9e5cba51f854370.zip | |
libcgroup: A simple pam module (pam_cgroup.so) for task placement in right cgroup
From: Vivek Goyal <vgoyal@redhat.com>
o A simple pam module pam_cgroup for placement of tasks in right cgroup.
Details are available in documentation.
o This pam module will be included in libcgroup source and not in
pam sources.
o Copyright notice looks little odd as I copied the original copyright
notice of pam_limits.c. Any suggestions for improvement are welcome.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
git-svn-id: https://libcg.svn.sourceforge.net/svnroot/libcg/trunk@162 4f4bb910-9a46-0410-90c8-c897d4f1cd53
Diffstat (limited to 'README')
| -rw-r--r-- | README | 24 |
1 files changed, 20 insertions, 4 deletions
@@ -50,7 +50,7 @@ cgroups. - Use pam_cgroup PAM plugin which will make sure users are placed in right cgroup at login time and any tasks launch after login, will continue to run - in user's cgroup. (PAM module is still on TODO list) + in user's cgroup. - Use command line tool "cgexec" to launch the task in right cgroup. @@ -113,14 +113,15 @@ Section 3: To use a pam plugin which will automatically place the task in right cgroup upon login. -- Download pam source tree and apply the patch for pam_cgroup module. - Build pam_cgroup.so - ./configure; make + make pam_cgroup.so - Copy pam_cgroup.so to /lib/security/ - Edit /etc/pam.d/su to make use of pam_cgroup.so session module upon execution of su. -example: Add following line to the end. +example: + Add following line at the end of /etc/pam.d/su file + session optional pam_cgroup.so - Now launch a shell for a user "xyz" using su and the resulting shell @@ -129,6 +130,21 @@ session optional pam_cgroup.so ex. "su test1" +Try similar things with other services like sshd. + +Note: pam_cgroup.so moves the service providing process in the right cgroup + and not the process which will be launched later. Due to parent child + relationship, yet to be forked/execed process will launch in right + group. + +Ex. Lets say user root does "su test1". In this case process "su" is the + one providing service (launching a shell) for user "test1". pam_cgroup.so + will move process "su" to the user "test1"'s cgroup (Decided by the uid + and gid of "test1"). Now once su forks/execs a shell for user test1, + final shell is effectively running in the cgroup it should have been + running based on /etc/cgrules.conf for user test1. + + Section 4: ---------- To use cgrulesengd which will move a task to right cgroup based on |