Yes, you’re right, it should be included in the configuration file.
/etc/pam.d/supervise-daemon:
#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
password required pam_deny.so
session optional pam_limits.so
@include common-account
@include common-session-noninteractive
use 'common-*' incorrectly. we only need common-account and common-session-nonintetactive.
this config should work well in debian.
On November 24, 2023 6:16:10 PM UTC, Mark Hindley <mark@???> wrote:
>Lorietta,
>
>On Fri, Nov 24, 2023 at 03:52:58AM +0000, meow wrote:
>> Example: Local DoS attack due to lack of PAM limits.
>> I think it’s safe to either include limits.so in /etc/pam. d/other, or
>> add a configuration for supervise-daemon.
>> Also, I have a question. What exactly is incompatible with debian in
>> the upstream version of this file? I added this file to my system and
>> everything works well, limits are applied and supervise-daemon
>> continues in normal mode.
>
>Debian uses pam-auth-update(8) to manage the addition of modules to
>/etc/pam.d/common-*. That will not work with the supplied upstream pam config.
>
>I am not a pam expert, but I *think* the Debian approach should be something
>like
>
>
>@include common-auth
>@include common-account
>@include common-password
>session optional pam_limits.so
>
>Does that work for you?
>
>Thanks
>
>Mark