Security Basics mailing list archives

Re: User process limitations..
From: camthompson <camthompson () shaw ca>
Date: Sat, 22 Feb 2003 11:52:52 -0700

To enable user quotas on a partition in Red Hat (don't know about other Linuxes), add "usrquota" after "defaults" or whatever you have in its place in the fstab... To edit a quota, type "edquota -u <username>"; might wanna read the man page on it first before you go editing away. Also you might wanna check out "ulimit".

Brad Arlt wrote:

On Thu, Feb 20, 2003 at 09:33:36AM -0000, Kenneth Hauklien wrote:
Hi

Is there any way to limit a user's / group's processes? I run a shell/web server and want to limit them down to for example 2-3 processes. Is this possible in any way?

Thank you all in advance

Depends on the OS.

Solaris can limit the number of processes each user has, but this
applies to all users (including root, I think).  We cap things at 2000
to contain the "while(1) fork()" mishaps that happen when students
discover fork.

Limiting by groups is probably not supported.  It might be in Trusted
Solaris.

In /etc/system:
set maxuprc=<limit>

Linux has some limiting mechanism but I am hazy as to how.  pam_limits
leaps to mind, but just as quickly I am almost certain that isn't
right.

A better idea is server virtualization (Solaris 9, VMS, VMware).  Set up
containers that have memory and CPU use limits.  These are more what
you are trying to limit anyway.  People can go nuts within those
limits.  If they want 30 processes running that use no CPU, fine.  If
one process uses all their CPU allotment, too bad so sad.
-----------------------------------------------------------------------
  __o           Bradley Arlt                    Security Team Lead
_ \<_                arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
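
Added example, not part of the original messages: on Linux with pam_limits, per-user and per-group process caps like the 2-3 asked about are written as `nproc` rules in `/etc/security/limits.conf`. The function below resolves which hard cap one account ends up with; the account and group names and the sample rules are constructed, and the later-line-wins tie-break within one precedence level is an assumption of this sketch.

```shell
#!/bin/sh
# Added example. Resolve the hard nproc cap that limits.conf-style rules
# give one account.  Usage: nproc_hard_limit USER [GROUP...] < rules

# Constructed sample rules (hypothetical accounts and groups).
sample_limits() {
    cat <<'EOF'
# <domain>     <type>  <item>  <value>
*              hard    nproc   50
@shellusers    soft    nproc   2      # soft only: the user can raise it
@shellusers    hard    nproc   3
carol          -       nproc   20     # "-" sets soft and hard together
EOF
}

nproc_hard_limit() {
    user=$1; shift
    awk -v user="$user" -v groups=" $* " '
        BEGIN { best = 9; value = "none" }
        { sub(/#.*/, "") }                      # drop comments
        NF != 4 || $3 != "nproc" { next }       # well-formed nproc rules only
        $2 != "hard" && $2 != "-" { next }      # ignore soft-only rules
        {
            if ($1 == user) rank = 0            # exact user beats group
            else if ($1 ~ /^@./ && index(groups, " " substr($1, 2) " ")) rank = 1
            else if ($1 == "*") rank = 2        # wildcard is the default
            else next
            # limits.conf(5): group and wildcard rules are not applied to root
            if (user == "root" && rank > 0) next
            # Assumption: within one rank the later line wins
            if (rank <= best) { best = rank; value = $4 }
        }
        END { print value }
    '
}

# Demo on the constructed sample: a member of shellusers is held to 3.
sample_limits | nproc_hard_limit alice shellusers
```

An output of `none` means no hard rule in the input caps that account, which is the case worth auditing for on a shared shell host.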




