Security Basics mailing list archives

RE: User process limitations..


From: "Geert Hauwaerts" <geert () safeweb be>
Date: Fri, 21 Feb 2003 13:08:54 +0100



Dear Sir,

You could use ulimits (get and set user limitations). I use group defined
limits in the /etc/profile script. For example: (group users)

if [ "`id -g`" = "100" ]; then
  # Apply soft and hard limits to every login whose primary group is 100 (users)
  ulimit -S -H -c 10 -f 50000 -l 50000 -d 50000 -v 50000 -m 50000 -s 1000 \
    -u 30 -t 1800 -n 1024
fi

They have these limitations (processes that exceed these limitations are
killed):

core file size        (blocks, -c) 10
data seg size         (kbytes, -d) 50000
file size             (blocks, -f) 50000
max locked memory     (kbytes, -l) 50000
max memory size       (kbytes, -m) 50000
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 1000
cpu time             (seconds, -t) 1800
max user processes            (-u) 30
virtual memory        (kbytes, -v) 50000

Also check out /etc/security/limits.conf, it's about the same but limits are
in a file and not in a script. The file is well documented so adapting it to
your needs isn't that hard.

There is also a kernel module available which enforces resource limits on
every process in the system. http://freshmeat.net/projects/ulim/

Though I advise you not to set the limitation to 2 or 3 processes. If you
want to compile things you usually go up to about 10 processes.

Kind regards, Geert Hauwaerts.
Certified Unix/Linux Administrator

/*
* Geert Hauwaerts geert () safeweb be & geert () irssi org
* -----------------------------------------------------
*   Linux: The choice of a GNU generation.
*          Because rebooting is for adding new hardware.
*          Windows: Just another pain in the glass.
*          RTFM: Not just an acronym, it's the LAW!
*/

-----Original Message-----
From: Kenneth Hauklien [mailto:boomy () boomdrak no]
Sent: Thursday 20 February 2003 10:34
To: security-basics () securityfocus com
Subject: User process limitations..




Hi

Is there any way to limit a user's / group's processes? I run a shell/web
server and want to limit them down to for example 2-3 processes. Is this
possible in any way?

Thank you all in advance

Kenneth Hauklien
Norway
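
As an added illustration that is not part of the original messages, the script below runs a command in a subshell under two of the limits from the reply (-f and -t) and reports what happens when each one is reached. The function names, the demo values (10 blocks, 1 second) and the scratch file are constructed for this example.

```shell
#!/bin/sh
# Added example: observe a file-size limit (-f) and a CPU-time limit (-t)
# being enforced. Each check runs in a subshell, so the calling shell keeps
# its own limits.

# Try to write 1000 KiB to scratch file $2 under a file-size limit of $1
# blocks, then print how many bytes actually reached the file.
size_under_fsize_limit() {
  (
    ulimit -c 0      # no core file if the writer is ended by SIGXFSZ
    ulimit -f "$1"   # without -S/-H, soft and hard limit are set together
    dd if=/dev/zero of="$2" bs=1024 count=1000
  ) >/dev/null 2>&1 || true   # the writer is expected to fail
  wc -c < "$2" | tr -d ' '
}

# Run a CPU-bound loop under a CPU-time limit of $1 seconds and print the
# exit status of the subshell; a value above 128 means a signal ended it.
# The loop is bounded so it also terminates where the limit is not enforced.
status_under_cpu_limit() {
  status=0
  (
    ulimit -c 0
    ulimit -t "$1"
    i=0
    while [ "$i" -lt 50000000 ]; do i=$((i + 1)); done
  ) >/dev/null 2>&1 || status=$?
  echo "$status"
}

# Demo with constructed values.
tmp=$(mktemp)
echo "bytes written under -f 10: $(size_under_fsize_limit 10 "$tmp")"
echo "exit status under -t 1:    $(status_under_cpu_limit 1)"
rm -f "$tmp"
```

The block size used by -f depends on the shell (512 or 1024 bytes), so the byte count printed for the same limit can differ between shells.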

