Date: Wed, 4 Aug 1999 18:16:17 -0700 (PDT) From: Doug <Doug@gorean.org> To: freebsd-questions@freebsd.org Subject: login.conf restrictions for suid processes possible? Message-ID: <Pine.BSF.4.05.9908041808590.25518-100000@dt011n65.san.rr.com>
next in thread | raw e-mail | index | archive | help
Greetings, :)
I am working on some resource limit stuff and would like to be
able to use login.conf to restrict the number of cgi processes that
certain users can run. Unfortunately, the proprietary cgi product we use
is owned by root and suid's to the user who owns the script that it is
called to run. (This is not what I would call a "good idea," but it's what
I have to work with.)
I've created a login class with the appropriate permissions, and
if I put a test user in that class and test its limits with normal system
processes (like ls, sleep, etc.) it follows all the rules. However when I
start miva (proprietary cgi) processes for scripts owned by that user, it
ignores the limits, presumably because the process starts its life as
root.
Soooo, the question is, how can I do what I want to do, and if I
can't do it with login.conf does anyone have any other suggestions?
Specifically I need to restrict the amount of ram and the number of
processes on a per user basis. I'm working on a -current system, but I
don't think this issue bears directly on -current.
Thanks for any help,
Doug
--
On account of being a democracy and run by the people, we are the only
nation in the world that has to keep a government four years, no matter
what it does.
-- Will Rogers
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9908041808590.25518-100000>