Home page logo
/

basics logo Security Basics mailing list archives

RE: User process limitations..
From: "Geert Hauwaerts" <geert () safeweb be>
Date: Fri, 21 Feb 2003 13:08:54 +0100



Dear Sir,

You could use ulimits (get and set user limitations). I use group defined
limits in the /etc/profile script. For example: (group users)

if [ "`id -g`" = "100" ]; then
  ulimit -S -H -c 10 -f 50000 -l 50000 -d 50000 -v 50000 -m 50000 -s 1000 -u
30 -t 1800 -n 1024
fi

They have this limitation: (processes who are exceeding this limitation are
killed)

core file size        (blocks, -c) 10
data seg size         (kbytes, -d) 50000
file size             (blocks, -f) 50000
max locked memory     (kbytes, -l) 50000
max memory size       (kbytes, -m) 50000
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 1000
cpu time             (seconds, -t) 1800
max user processes            (-u) 30
virtual memory        (kbytes, -v) 50000

Also check out /etc/security/limits.conf, it's about the same but limits are
in a file and not in a script. The file is well documented so adapting it to
your needs isn't that hard.

There is also a kernel module available which enforces resource limits on
every process in the system. http://freshmeat.net/projects/ulim/

Though I advise you not to set the limitation to 2 or 3 processes. If you
want to compile things you usually go up to about 10 processes.

Mvg, Geert Hauwaerts.
Certified Unix/Linux Administrator

/*
* Geert Hauwaerts geert () safeweb be & geert () irssi org
* -----------------------------------------------------
*   Linux: The choice of a GNU generation.
*          Because rebooting is for adding new hardware.
*          Windows: Just another pain in the glass.
*          RTFM: Not just an acronym, it's the LAW!
*/

-----Original Message-----
From: Kenneth Hauklien [mailto:boomy () boomdrak no]
Sent: donderdag 20 februari 2003 10:34
To: security-basics () securityfocus com
Subject: User process limitations..




Hi

Is there any way to limit a users / groups processes? I run a shell/web
server and want to limit them down to for example 2-3 processes. Is this
possible in any way?

Thank you all in advance

Kenneth Hauklien
Norway


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]