Home page logo
/

basics logo Security Basics mailing list archives

Re: User process limitations..
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 20 Feb 2003 17:25:49 -0700

On Thu, Feb 20, 2003 at 09:33:36AM -0000, Kenneth Hauklien wrote:
Hi

Is there any way to limit a users / groups processes? I run a shell/web 
server and want to limit them down to for example 2-3 processes. Is this 
possible in any way?

Thank you all in advance

Depends on the OS.

Solaris can limit the number of processes each user has, but this
applies to all users (including root, I think).  We cap things at 2000
to contain the" while(1) fork()" mishaps that happen when students
discover fork.

Limiting by groups is probably not supported.  It might be in Trusted
Solaris.

In /etc/system:
set maxuprc=<limit>

Linux has some limiting mechanism but I am hazy as to how.  pam_limits
leaps to mind, but just as quickly I am almost certain that isn't
right.

A better idea is Server virtualization (solaris9, VMS, vmWare).  Setup
containers that have memory and CPU use limits.  These are more what
you are trying to limit anyway.  People can go nuts within those
limits.  If they want 30 processes running that use no CPU, fine.  If
one process uses all their CPU allotment, to bad so sad.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]