Re: User process limitations..

From: camthompson (camthompson@shaw.ca)
Date: 02/22/03

  • Next message: Bill Roe: "RE: User process limitations.."
    Date: Sat, 22 Feb 2003 11:52:52 -0700
    From: camthompson <camthompson@shaw.ca>
    To: security-basics@securityfocus.com
    
    

    To enable user quotas on a partition in redhat ( dont know about other
    linuxes), add "usrquota" after "defaults" or whatever you have in its
    place in the fstab.... to edit a quota, type "edquota -u <username>";
    might wanna read the man page on it first before you go editing away.
    Also you might wanna check out "ulimit".

    Brad Arlt wrote:

    >On Thu, Feb 20, 2003 at 09:33:36AM -0000, Kenneth Hauklien wrote:
    >
    >
    >>Hi
    >>
    >>Is there any way to limit a users / groups processes? I run a shell/web
    >>server and want to limit them down to for example 2-3 processes. Is this
    >>possible in any way?
    >>
    >>Thank you all in advance
    >>
    >>
    >
    >Depends on the OS.
    >
    >Solaris can limit the number of processes each user has, but this
    >applies to all users (including root, I think). We cap things at 2000
    >to contain the" while(1) fork()" mishaps that happen when students
    >discover fork.
    >
    >Limiting by groups is probably not supported. It might be in Trusted
    >Solaris.
    >
    >In /etc/system:
    >set maxuprc=<limit>
    >
    >Linux has some limiting mechanism but I am hazy as to how. pam_limits
    >leaps to mind, but just as quickly I am almost certain that isn't
    >right.
    >
    >A better idea is Server virtualization (solaris9, VMS, vmWare). Setup
    >containers that have memory and CPU use limits. These are more what
    >you are trying to limit anyway. People can go nuts within those
    >limits. If they want 30 processes running that use no CPU, fine. If
    >one process uses all their CPU allotment, to bad so sad.
    >-----------------------------------------------------------------------
    > __o Bradley Arlt Security Team Lead
    > _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
    >(_)/(_) I should be biking right now. Computer Science
    >
    >
    >
    >



    Relevant Pages

    • Re: User process limitations..
      ... > Solaris can limit the number of processes each user has, ... > discover fork. ... > Linux has some limiting mechanism but I am hazy as to how. ... If they want 30 processes running that use no CPU, ...
      (Security-Basics)
    • Re: Ping: Don Nichols re. Sun workstation
      ... It isn't a command that was introduced with Solaris ... PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND ... My favourite browser is Netscape 7. ... Sun. (Jove tended to have troubles compiling under gcc, ...
      (rec.crafts.metalworking)
    • Re: pthread and multiple CPU
      ... First question is: ... does it guarantee that each CPU has one thread? ... because the Solaris scheduler will ... Don't try to prevent the O/S' scheduler ...
      (comp.programming.threads)
    • Re: Gigaswift adapter in an old e250
      ... our solaris and linux clients. ... I believe I tracked it down to the gigaswift board being too fast for the 2 400MHz CPUs. ... cpu power for 1 MHz of ethernet speed, so I knew I was cutting it close. ... is not ZFS more CPU intensive that UFS? ...
      (comp.sys.sun.hardware)
    • Gigaswift adapter in an old e250
      ... our solaris and linux clients. ... file transfer, the machine goes from 50% to 70% kernel. ... cpu utilization to around 35%. ...
      (comp.sys.sun.hardware)