Security Basics mailing list archives
RE: User process limitations..
From: "Geert Hauwaerts" <geert () safeweb be>
Date: Fri, 21 Feb 2003 13:08:54 +0100
Dear Sir, You could use ulimits (get and set user limitations). I use group defined limits in the /etc/profile script. For example: (group users) if [ "`id -g`" = "100" ]; then ulimit -S -H -c 10 -f 50000 -l 50000 -d 50000 -v 50000 -m 50000 -s 1000 -u 30 -t 1800 -n 1024 fi They have this limitation: (processes who are exceeding this limitation are killed) core file size (blocks, -c) 10 data seg size (kbytes, -d) 50000 file size (blocks, -f) 50000 max locked memory (kbytes, -l) 50000 max memory size (kbytes, -m) 50000 open files (-n) 1024 pipe size (512 bytes, -p) 8 stack size (kbytes, -s) 1000 cpu time (seconds, -t) 1800 max user processes (-u) 30 virtual memory (kbytes, -v) 50000 Also check out /etc/security/limits.conf, it's about the same but limits are in a file and not in a script. The file is well documented so adapting it to your needs isn't that hard. There is also a kernel module available which enforces resource limits on every process in the system. http://freshmeat.net/projects/ulim/ Though I advise you not to set the limitation to 2 or 3 processes. If you want to compile things you usually go up to about 10 processes. Mvg, Geert Hauwaerts. Certified Unix/Linux Administrator /* * Geert Hauwaerts geert () safeweb be & geert () irssi org * ----------------------------------------------------- * Linux: The choice of a GNU generation. * Because rebooting is for adding new hardware. * Windows: Just another pain in the glass. * RTFM: Not just an acronym, it's the LAW! */ -----Original Message----- From: Kenneth Hauklien [mailto:boomy () boomdrak no] Sent: donderdag 20 februari 2003 10:34 To: security-basics () securityfocus com Subject: User process limitations.. Hi Is there any way to limit a users / groups processes? I run a shell/web server and want to limit them down to for example 2-3 processes. Is this possible in any way? Thank you all in advance Kenneth Hauklien Norway
Current thread:
- User process limitations.. Kenneth Hauklien (Feb 20)
- Re: User process limitations.. Brad Arlt (Feb 20)
- Re: User process limitations.. Tarun Dua (Feb 22)
- Re: User process limitations.. camthompson (Feb 22)
- Re: User process limitations.. Nick Shapley (Feb 22)
- Re: User process limitations.. Julian Plamann (Feb 22)
- Re: User process limitations.. Johan De Meersman (Feb 22)
- RE: User process limitations.. Geert Hauwaerts (Feb 22)
- RE: User process limitations.. Bill Roe (Feb 22)
- <Possible follow-ups>
- Re: User process limitations.. Kenneth Hauklien (Feb 22)
- Re: User process limitations.. David M. Fetter (Feb 22)
- Re: User process limitations.. Brad Arlt (Feb 20)