Results 21 to 27 of 27
  1. #21
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994

    On Gentoo, there is a /etc/security/limits.conf that can limit resources to any user on the box. I am sure RedHat has the same since it's a part of PAM.

  2. #22
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Code:
    blingbling genlee $ ulimit -aS
    core file size        (blocks, -c) 0
    data seg size         (kbytes, -d) unlimited
    file size             (blocks, -f) unlimited
    max locked memory     (kbytes, -l) unlimited
    max memory size       (kbytes, -m) unlimited
    open files                    (-n) 1024
    pipe size          (512 bytes, -p) 8
    stack size            (kbytes, -s) 8192
    cpu time             (seconds, -t) unlimited
    max user processes            (-u) 2047
    virtual memory        (kbytes, -v) unlimited
    Those are the limits I use, but if this were, say, a shell server I would have more restrictive memory limits.

  3. #23
    Just Joined!
    Join Date
    Mar 2003
    Posts
    12
    Again to this topic, please:

    a) How about users without a shell? Can they also be limited?
    b) How about programs which switch user rights and then execute a "fork-bomb"? Will they also be limited? With the rights of the "new" user?

  5. #24
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    Any user with or without a shell can have their resources limited. If they exist in /etc/passwd, you can limit anything to them. If you switch to another uid, you will be limited by the new uid you just switched to.

  6. #25
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Limits are inherited from the parent process when it forks, and are (of course) carried over execs. They can only be decreased further by a normal user; only the superuser is able to increase limits. If a program is suid root, it will of course be able to change its limits, but those programs usually don't do that (since that would be stupid). And, yes, RedHat does have /etc/security/limits.conf. Like genlee said, it would be strange otherwise since it's part of PAM. At least now you know that the path is the same in both distros. I don't know how to limit daemons like apache and mysql, though, since they don't go through the PAM chain. The easiest is probably to embed their startup in a shell script that calls ulimit before execing the daemon itself.

    Anyway, to get back to the original problem:
    I know that it's strange with the console not responding. Normally I would take that as an indication that the system was hung completely. That is effectively contradicted by the fact that the DNS daemon responds, though. Just try the program and see what fails and what does not. That's probably the easiest way to find out.
    It's too bad about it taking so long, though. However, since I don't even know why it crashes, I can't write a program which makes it crash prematurely. If I could do that, I would just fix it directly, right? =)
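
The wrapper approach suggested in post #25 for daemons that bypass PAM, as an added example that is not part of the original thread: a shell function lowers soft and hard limits in a subshell and then execs the command, so the daemon and everything it forks inherit them. The function name `run_limited`, the `flag=value` spec format and the limit values are assumptions for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names): start a daemon under lowered rlimits.

# run_limited "SPEC" CMD [ARGS...]
#   SPEC is a space-separated list of flag=value pairs, where flag is a
#   single-letter ulimit option (n = open files, c = core size, ...).
#   Limits are changed in a subshell, so the calling shell keeps its own.
run_limited() {
    spec=$1
    shift
    (
        for item in $spec; do
            flag=${item%%=*}
            value=${item#*=}
            case $flag in
                [a-z]) ;;   # accept only a single-letter option
                *) echo "bad limit spec: $item" >&2; exit 125 ;;
            esac
            # Lower the soft limit first, then the hard limit: the kernel
            # rejects a hard limit below the current soft limit. Once the
            # hard limit is lowered, an unprivileged process cannot raise it.
            ulimit -S "-$flag" "$value" || exit 126
            ulimit -H "-$flag" "$value" || exit 126
        done
        # exec replaces the subshell, so the daemon itself carries the limits
        # and passes them on to every process it forks.
        exec "$@"
    )
}

# Demo with a stand-in "daemon": a shell that reports what it inherited.
run_limited 'n=64 c=0' sh -c 'echo "nofile=$(ulimit -n) core=$(ulimit -c)"'
```

In bash the same spec format works for the process-count limit discussed in this thread (`u=...`), but `-u` is not available in every POSIX shell.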

  7. #26
    Just Joined!
    Join Date
    Mar 2003
    Posts
    12
    And is there any way to see if these limits are reached? I mean, would it be possible to get a syslog entry if a certain user allocated more than, let's say, 1000 PIDs or so? This way it would be possible to track down some problems in that area which are maybe caused by scripts running amok.

  8. #27
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Many daemons will report errors about being unable to fork to the syslog. However, the kernel doesn't report anything normally. If you want it to, you'll have to add a printk yourself. The code is in kernel/fork.c in your kernel tree. The function is called do_fork, and in it, just search for rlim[RLIMIT_PROC]. In my kernel version (2.4.20), it is on line 612. As you can see if you look at it, you can just add a printk before the goto that takes control out of the function. Useful stuff to print would be current->pid and current->user->uid.

    Did you know, by the way, that amok is really an Indonesian word? It's about the same as running berserk, and was also originally used for warriors.
