From owner-freebsd-questions Wed Aug 4 18:16:43 1999 Delivered-To: freebsd-questions@freebsd.org Received: from dt011n65.san.rr.com (dt011n65.san.rr.com [204.210.13.101]) by hub.freebsd.org (Postfix) with ESMTP id 2EC4E151A5 for ; Wed, 4 Aug 1999 18:16:40 -0700 (PDT) (envelope-from Doug@gorean.org) Received: from localhost (doug@localhost) by dt011n65.san.rr.com (8.8.8/8.8.8) with ESMTP id SAA25527 for ; Wed, 4 Aug 1999 18:16:17 -0700 (PDT) (envelope-from Doug@gorean.org) Date: Wed, 4 Aug 1999 18:16:17 -0700 (PDT) From: Doug X-Sender: doug@dt011n65.san.rr.com To: freebsd-questions@freebsd.org Subject: login.conf restrictions for suid processes possible? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Greetings, :) I am working on some resource limit stuff and would like to be able to use login.conf to restrict the number of cgi processes that certain users can run. Unfortunately, the proprietary cgi product we use is owned by root and suid's to the user who owns the script that it is called to run. (This is not what I would call a "good idea," but it's what I have to work with.) I've created a login class with the appropriate permissions, and if I put a test user in that class and test its limits with normal system processes (like ls, sleep, etc.) it follows all the rules. However when I start miva (proprietary cgi) processes for scripts owned by that user, it ignores the limits, presumably because the process starts its life as root. Soooo, the question is, how can I do what I want to do, and if I can't do it with login.conf does anyone have any other suggestions? Specifically I need to restrict the amount of ram and the number of processes on a per user basis. I'm working on a -current system, but I don't think this issue bears directly on -current. Thanks for any help, Doug -- On account of being a democracy and run by the people, we are the only nation in the world that has to keep a government four years, no matter what it does. -- Will Rogers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message