On Sun, Sep 02, 2018 at 01:59:46PM +0200, David Runge wrote:
.... The use of the plain /etc/security/limits.conf is discouraged over the use of drop-in files in /etc/security/limits.d anyways! Please use those!
Well, I have mixed feelings about these 'drop-in' directories which seem to pop up everywhere. They may be very convenient for 'vendors' (the one who introduced that concept to Linux should be shot) but they are a security nightmare for the local admin. Instead of having to check one file which defines some policy, you now have to check a whole collection every time some 'vendor' could have 'dropped' something. Somehow this reminds me of dogs.

Take systemd's logind. You have to verify a config file and *three* directories in order to have any idea of how things are configured in the end. And oh, yes, you can override everything in /etc. But that effectively means you need to opt out of whatever some 'vendor' pushes down your throat. Not once, but every time you update.

Re. this 'realtime' group: I don't like that either. Groups define a set of users with common needs. So *all* features or permissions that members of a group need should be made dependent on being a member of that group and nothing else. This is entirely the opposite of defining groups for one particular feature such as real time and then requiring users to be a member of all of them.

For what it's worth, I noticed that after upgrading to kernel 4.18 I had to increase the memlock limit to avoid error messages in almost all audio applications.

Ciao,

--
FA
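The audit burden described in this message can be reduced to one listing. The following is an added example, not part of the original message: it reads limits.conf and then limits.d/*.conf in the order pam_limits reads them and shows every file that defines each (domain, type, item). The function names and the sample tree are constructed for illustration, and the script does not model pam_limits' precedence between user, group and wildcard domains.

```python
import glob
import os
import tempfile

def read_limits(etc_security):
    """Yield (path, lineno, domain, type, item, value) in pam_limits read order."""
    # limits.conf first, then limits.d/*.conf sorted by byte order (C locale).
    paths = [os.path.join(etc_security, "limits.conf")]
    paths += sorted(glob.glob(os.path.join(etc_security, "limits.d", "*.conf")))
    for path in paths:
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                fields = line.split("#", 1)[0].split()
                if len(fields) == 4:
                    yield (path, lineno, *fields)

def audit(etc_security):
    """Map (domain, type, item) -> [(file, lineno, value), ...] in read order."""
    seen = {}
    for path, lineno, domain, typ, item, value in read_limits(etc_security):
        rel = os.path.relpath(path, etc_security)
        seen.setdefault((domain, typ, item), []).append((rel, lineno, value))
    return seen

def overridden(etc_security):
    """Entries defined more than once, i.e. where a later file changes policy."""
    return {k: v for k, v in audit(etc_security).items() if len(v) > 1}

def build_sample(root):
    """Constructed sample tree, not taken from any real system."""
    os.makedirs(os.path.join(root, "limits.d"))
    files = {
        "limits.conf": "# local policy\n@audio - memlock 65536\n@audio - rtprio 70\n",
        "limits.d/20-vendor.conf": "@realtime - rtprio 98\n@audio - memlock unlimited\n",
        "limits.d/10-other.conf": "* soft nofile 4096  # comment\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    target = "/etc/security" if os.path.isdir("/etc/security") else build_sample(tempfile.mkdtemp())
    for key, defs in sorted(audit(target).items()):
        print(" ".join(key), "<-", "; ".join(f"{f}:{n}={v}" for f, n, v in defs))
```

Saving the output after each package update and diffing it against the previous run shows which drop-in changed the local policy.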