From owner-freebsd-hackers Sat Feb 2 14:36:44 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.web.am (wizard.web.am [217.113.0.66]) by hub.freebsd.org (Postfix) with SMTP id 71B9837B400 for ; Sat, 2 Feb 2002 14:36:38 -0800 (PST) Received: (qmail 83317 invoked from network); 2 Feb 2002 22:49:45 -0000 Received: from unknown (HELO nm.web.am) (217.113.3.2) by wizard.web.am with SMTP; 2 Feb 2002 22:49:45 -0000 Received: (from nm@localhost) by nm.web.am (8.11.6/8.11.4) id g12MaHc00469 for freebsd-hackers@FreeBSD.ORG; Sun, 3 Feb 2002 02:36:17 +0400 (AMT) (envelope-from nm) Date: Sun, 3 Feb 2002 02:35:46 +0400 From: Gaspar Chilingarov To: freebsd-hackers@FreeBSD.ORG Subject: Re: fork rate limit Message-ID: <20020202223546.GA430@mail.web.am> References: <20020202201551.GA89061@mail.web.am> <200202022052.g12KqOM17214@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200202022052.g12KqOM17214@apollo.backplane.com> User-Agent: Mutt/1.3.25i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG -> Date: Sat, 2 Feb 2002 12:52:24 -0800 (PST) -> From: Matthew Dillon -> To: Gaspar Chilingarov -> Cc: freebsd-hackers@FreeBSD.ORG -> Subject: Re: fork rate limit -> -> :Hi! -> : -> :Is it reasonable to administratively limit users' ability to call fork -> :too other ? Users can take away too much CPU time even if you have ^^^ sorry, often, it's my typo :) -> :limited them by login.conf 'cputime' limit - just forking lightweight -> :processes too often. -> : -> :If it seems good thing to do, i'll try to code it and submit patches for -> :-current. -> : -> :I think this limit must go to struct uidinfo, am i right ? -> :Also i need to store per-user counters somewhere, can i place it there? -> : -> :-- -> :Gaspar Chilingarov -> -> Well, we did make fork inherit the parent process's current -> priority, so if a parent process forks() a lot it and its -> children should get less cpu. Beyond that the system can't really -> tell whether the cpu use is something the sysad wants (i.e. sa -> y it's a web server) or something the sysad doesn't want (an -> abusive user). -> -> -Matt i think SA can easily tell tehe system by assigning different uids assigned to them :) I've got such situation on our free shellbox set up in the university - some newbies were kidding with old while(1) fork(); attack. Finnaly they got hit by memory limits set up for each user, but anyway they were taking a lot of processor time. I prefer to limit some uid's ability to do many forks in some short period - like 'no more than 200 forks in 10 seconds' or smthng like this. -- Gaspar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message