Rtlimits-enabled pam

From Rivendell Wiki

Jump to: navigation, search


Setting up PAM for running Rivendell with real priorities

Background on PAM limits

From pam_limits - limit resources Chapter 6. A reference guide for available modules

The pam_limits PAM module sets limits on the system resources that can be obtained in a user-session. Users of uid=0 are affected by this limits, too.

By default limits are taken from the /etc/security/limits.conf config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitly specified with a module option then the files in the above directory are not parsed.

How to set up real time limits for Rivendell

That said we do not need to edit /etc/security/limits.conf we can make our own "rivendell.conf" file and place it in the /etc/security/limits.d folder. That said here is an example. This example assumes that your AudioGroup=rivendell in the Rivendell configuration file /etc/rd.conf. If not change rivendell in the lines below to your group name. Note: you need the @ at the beggining of the group name other wise PAM will look for a user instead of a group.

# /etc/security/limits.d/rivendell.conf
@rivendell - rtprio 99
@rivendell - memlock unlimited
@rivendell - nice -10

Save this as /etc/security/limits.d/rivendell.conf Note: If you want to change the file name that is ok but it must end with .conf.

From an email on jackit-devel@lists.sourceforge.net

You definitely *do* need a rtlimits-enabled pam and set up
/etc/security/limits.conf accordingly by adding something like this:

@audio         -       nice            -10
@audio         -       rtprio          99
@audio         -       memlock         unlimited

and put yourself in group audio. This doesn't have anything to do with
the kernel version you run, you need to do this for any (newer)

It doesn't make your kernel run any better, but it allows you to
elevate the priority of applications as a non-root user. Without this,
even a highly tuned kernel will be of no use to non-root users.

One thing people often get confused about when hearing the term
"realtime" is that tuning and optimizing realtime operation on one
hand and managing access to what realtime features available on the
other hand are different issues.

You can tune your realtime kernel with various kernel options,
interrupt tuning etc. And you manage access to realtime features with
libpam/limits.conf. However without allowing access to the realtime
features with libpam, all your tuning effort would be in vain.

 Frank Barknecht                 _ ______footils.org_ __goto10.org__
Personal tools