-> Date: Sat, 2 Feb 2002 12:52:24 -0800 (PST)
-> From: Matthew Dillon <[EMAIL PROTECTED]>
-> To: Gaspar Chilingarov <[EMAIL PROTECTED]>
-> Cc: [EMAIL PROTECTED]
-> Subject: Re: fork rate limit
->
-> :Hi!
-> :
-> :Is it reasonable to administratively limit users' ability to call fork
-> :too other ? Users can take away too much CPU time even if you have
^^^ sorry, often, it's my typo :)
-> :limited them by login.conf 'cputime' limit - just forking lightweight
-> :processes too often.
-> :
-> :If it seems good thing to do, i'll try to code it and submit patches for
-> :-current.
-> :
-> :I think this limit must go to struct uidinfo, am i right ?
-> :Also i need to store per-user counters somewhere, can i place it there?
-> :
-> :--
-> :Gaspar Chilingarov
->
-> Well, we did make fork inherit the parent process's current
-> priority, so if a parent process forks() a lot it and its
-> children should get less cpu. Beyond that the system can't really
-> tell whether the cpu use is something the sysad wants (i.e. sa
-> y it's a web server) or something the sysad doesn't want (an
-> abusive user).
->
-> -Matt
i think SA can easily tell tehe system by assigning
different uids assigned to them :)
I've got such situation on our free shellbox set up in the
university - some newbies were kidding with old while(1) fork();
attack. Finnaly they got hit by memory limits set up for each
user, but anyway they were taking a lot of processor time. I
prefer to limit some uid's ability to do many forks in some
short period - like 'no more than 200 forks in 10 seconds' or
smthng like this.
--
Gaspar
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
