mailing list archives
RE: User process limitations..
From: "Geert Hauwaerts" <geert () safeweb be>
Date: Fri, 21 Feb 2003 13:08:54 +0100
You could use ulimits (get and set user limitations). I use group defined
limits in the /etc/profile script. For example: (group users)
if [ "`id -g`" = "100" ]; then
ulimit -S -H -c 10 -f 50000 -l 50000 -d 50000 -v 50000 -m 50000 -s 1000 -u
30 -t 1800 -n 1024
They have this limitation: (processes who are exceeding this limitation are
core file size (blocks, -c) 10
data seg size (kbytes, -d) 50000
file size (blocks, -f) 50000
max locked memory (kbytes, -l) 50000
max memory size (kbytes, -m) 50000
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 1000
cpu time (seconds, -t) 1800
max user processes (-u) 30
virtual memory (kbytes, -v) 50000
Also check out /etc/security/limits.conf, it's about the same but limits are
in a file and not in a script. The file is well documented so adapting it to
your needs isn't that hard.
There is also a kernel module available which enforces resource limits on
every process in the system. http://freshmeat.net/projects/ulim/
Though I advise you not to set the limitation to 2 or 3 processes. If you
want to compile things you usually go up to about 10 processes.
Mvg, Geert Hauwaerts.
Certified Unix/Linux Administrator
* Geert Hauwaerts geert () safeweb be & geert () irssi org
* Linux: The choice of a GNU generation.
* Because rebooting is for adding new hardware.
* Windows: Just another pain in the glass.
* RTFM: Not just an acronym, it's the LAW!
From: Kenneth Hauklien [mailto:boomy () boomdrak no]
Sent: donderdag 20 februari 2003 10:34
To: security-basics () securityfocus com
Subject: User process limitations..
Is there any way to limit a users / groups processes? I run a shell/web
server and want to limit them down to for example 2-3 processes. Is this
possible in any way?
Thank you all in advance