author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-17 10:29:10 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-17 10:29:10 +0000 |
commit | c9c4b5d6c58ff4042576d228249148da67d58196 (patch) | |
tree | 8d00ed36d176ecbe3ff0ae902b434aa3b822f7b8 /modules/pam_limits/README | |
parent | 607a06e8e7db6e0171fa8b94e4859560a844ec24 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/Makefile.am: Include Make.xml.rules.
* modules/pam_limits/limits.conf.5: New, generated from xml file.
* modules/pam_limits/limits.conf.5.xml: New.
* modules/pam_limits/pam_limits.8: New, generated from xml file.
* modules/pam_limits/pam_limits.8.xml: New.
* modules/pam_limits/README.xml: New.
* modules/pam_limits/README: Regenerated from README.xml.
Diffstat (limited to 'modules/pam_limits/README')
-rw-r--r-- | modules/pam_limits/README | 141 |
1 files changed, 39 insertions, 102 deletions
diff --git a/modules/pam_limits/README b/modules/pam_limits/README index a4f07e32..adab19df 100644 --- a/modules/pam_limits/README +++ b/modules/pam_limits/README 
@@ -1,113 +1,50 @@ +pam_limits — PAM module to limit resources -pam_limits module: - Imposing user limits on login. - -THEORY OF OPERATION: - -First, make a root-only-readable file (/etc/security/limits.conf by -default or INSTALLED_CONFILE defined Makefile) that describes the -resource limits you wish to impose. No priority changes and login -limit checks are done on UID 0 accounts. - -Each line describes a limit for a user in the form: - -<domain> <type> <item> <value> - -Where: -<domain> can be: - - an user name - - a group name, with @group syntax - - the wildcard *, for default entry - -<type> can have the three values: - - "soft" for enforcing the soft limits - - "hard" for enforcing hard limits - - "-" for enforcing both soft and hard limits - -<item> can be one of the following: - - core - limits the core file size (KB) - - data - max data size (KB) - - fsize - maximum filesize (KB) - - memlock - max locked-in-memory address space (KB) - - nofile - max number of open files - - rss - max resident set size (KB) - - stack - max stack size (KB) - - cpu - max CPU time (MIN) - - nproc - max number of processes - - as - address space limit - - maxlogins - max number of logins for this user - - maxsyslogins - max number of logins on the system - - priority - lower the priority by given value (value can be -ve) - - locks - max locked files (Linux 2.4 and higher) - - sigpending - max number of pending signals (Linux 2.6 and higher) - - msgqueue - max memory used by POSIX message queues (bytes) - (Linux 2.6 and higher) - - nice - max nice priority allowed to raise to (Linux 2.6.12 and higher) - - rtprio - max realtime priority allowed for non-priviledged - processes (Linux 2.6.12 and higher) - -Note, if you specify a type of '-' but neglect to supply the item and -value fields then the module will never enforce any limits on the -specified user/group etc. . 
- -Please remember that individual limits have priority over group -limits, so if you impose no limits for admin group, but one of the -members in this group has a limits line, the user will have its limits -set according to this line. - -Also, please note that all limit settings are set PER LOGIN. They are -not global, nor are they permanent (they apply for the session only). - -In the LIMITS_FILE, the # character introduces a comment - the rest of the -line is ignored. - -The pam_limits module does its best to report configuration problems found -in LIMITS_FILE via syslog. - -EXAMPLE configuration file: -=========================== -* soft core 0 -* hard rss 10000 -@student hard nproc 20 -@faculty soft nproc 20 -@faculty hard nproc 50 -ftp hard nproc 0 -@student - maxlogins 4 +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +The pam_limits PAM module sets limits on the system resources that can be +obtained in a user-session. Users of uid=0 are affected by this limits, too. + +By default limits are taken from the /etc/security/limits.conf config file. + +OPTIONS +change_uid -ARGUMENTS RECOGNIZED: - debug verbose logging + Change real uid to the user for who the limits are set up. Use this option + if you have problems like login not forking a shell for user who has no + processes. Be warned that something else may break when you do this. - conf=/path/to/file the limits configuration file if different from the - one set at compile time. +conf=/path/to/limits.conf - change_uid change real uid to the user for who the limits - are set up. Use this option if you have problems - like login not forking a shell for user who has - no processes. Be warned that something else - may break when you do this. + Indicate an alternative limits.conf style configuration file to override + the default. - utmp_early some broken applications actually allocate a - utmp entry for the user before the user is - admitted to the system. 
If the service you are - configuring PAM for does this, you can use - this module argument to compensate for this - brokenness. +debug -MODULE SERVICES PROVIDED: - session _open_session and _close_session (blank) + Print debug information. -USAGE: - For the services you need resources limits (login for example) put a - the following line in /etc/pam.conf as the last line for that - service (usually after the pam_unix session line: +utmp_early - login session required /lib/security/pam_limits.so + Some broken applications actually allocate a utmp entry for the user before + the user is admitted to the system. If some of the services you are + configuring PAM for do this, you can selectively use this module argument + to compensate for this behavior and at the same time maintain system-wide + consistency with a single limits.conf file. + +EXAMPLES + +These are some example lines which might be specified in /etc/security/ +limits.conf. + +* soft core 0 +* hard rss 10000 +@student hard nproc 20 +@faculty soft nproc 20 +@faculty hard nproc 50 +ftp hard nproc 0 +@student - maxlogins 4 - Replace "login" for each service you are using this module, replace - "/lib/security" path with your real modules path. -AUTHOR: - Cristian Gafton <gafton@redhat.com> - Thanks to Elliot Lee <sopwith@redhat.com> for his comments on - improving this module, and Jens Sorensen for Linux 2.4 updates. |
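Review bot: The new DESCRIPTION sentence "Users of uid=0 are affected by this limits, too" contradicts the removed statement "No priority changes and login limit checks are done on UID 0 accounts" without saying whether that exception still applies. Please state explicitly which limits are and are not enforced for uid 0, since administrators rely on this to judge whether a limits.conf entry can lock out root, and fix the grammar ("these limits"). The regenerated README also drops the `<domain> <type> <item> <value>` line format, the note that individual limits take priority over group limits, the per-login scope, the advice to keep the file root-only-readable, and the session module type with its usage line. If those now live in the limits.conf.5 and pam_limits.8 pages listed in the commit summary, add a pointer to them here so the EXAMPLES lines can still be read with the README alone.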