Bug#929652: systemd: sshd processes are not put into the correct slice/scope

Mon May 27 23:00:24 BST 2019

Control: tags -1 + moreinfo

Am 27.05.19 um 23:03 schrieb Simon Beirnaert:
> Package: systemd
> Version: 232-25+deb9u11
> Severity: normal
> 
> Dear Maintainer,
> 
> 
> Systemd does not seem to consistently put sshd processes under the
> relevant user's slice. I have a user with 10925 sshd processes related
> to its sessions. 7552 of those are put under session scopes in the
> user's slice. 3372 are put under system.slice (ssh.service). The ones
> under the user slice are neatly grouped into session scopes whereas
> the ones under the system slice are not.
> 
> This is making it impossible to put accurate limits to the sshd
> processes, or the user's processes. I can set TasksMax, but that only
> has a value if the tasks are counted correctly.
> 
> If there's any more information needed to debug this, please let me
> know.

You need to have libpam-systemd enabled and PAM support in sshd as well
for processes spawned from an SSH session to be put in the user slice.

~11000 sshd processes for one user seems unusual. What kind of setup is
this? Are you sure all those sshd processes were going through the PAM
stack?
You might add the "debug" flag to the pam_systemd.so config to get more
information.
What do you get from pam_systemd.so for an exemplary sshd process which
is not put into the user slice? Do you get anything in the journal from
systemd-logind for this process?
You can increase what's being logged by systemd-logind with
"systemd-analyze log-level"

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190528/e54349e7/attachment-0001.sig>