From owner-freebsd-security Thu Jan 25 11:41:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.189]) by hub.freebsd.org (Postfix) with SMTP id DB12237B6B6 for ; Thu, 25 Jan 2001 11:40:55 -0800 (PST) Received: (qmail 2322 invoked by uid 1000); 25 Jan 2001 19:39:24 -0000 Date: Thu, 25 Jan 2001 21:39:24 +0200 From: Peter Pentchev To: Allen Edwards Cc: freebsd-security@FreeBSD.ORG Subject: Re: Newbie Post - Limiting processes Message-ID: <20010125213924.E1122@ringworld.oblivion.bg> Mail-Followup-To: Allen Edwards , freebsd-security@FreeBSD.ORG References: <20010125211418.B1122@ringworld.oblivion.bg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from aedwards@hiqinternet.com on Thu, Jan 25, 2001 at 02:26:52PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jan 25, 2001 at 02:26:52PM -0500, Allen Edwards wrote: > Thank you all kindly. I am the kind of newbie who has a few brain cells > left, and little hints like a file existing called "login.conf" and the man > works on it was a great help. Also thanks for the tips here, I had it set > for 2 and might bump it up to 5. > > I got the idea of background process from a web-site that sells shell > accounts. > > http://www.digital-galaxy.net/index2.htm > > They sell based on HDD space as well as background processes. > > Thanks again for everyone's help. An additional point. You can limit the number of background processes with some daemon which wakes up periodically, then either does a ps, or uses libkvm to gather process info, and looks for such. It's something that's not too hard to do in Perl.. there are some race conditions to bear in mind, but writing a mostly-working version won't be too hard. You might also want to do something like: find /tmp/screens -type s -ls and add this to the background processes' number. This is a quite commonly used trick - running processes inside a detached screen session. How to detect *which* processes are actually run within that particular session.. well, the filename of the screen socket is easily parseable into a pid - in the already-built process tree, look for children of that pid, and add *them*, too, to the backgnd processes you might want to kill. For a very primitive example of building a process tree in a Perl script, look at the sysutils/pslist port. G'luck, Peter -- This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message