Date:      Thu, 28 Jan 1999 13:56:12 -0500 (EST)
From:      "John S. Dyson" <dyson@iquest.net>
To:        dyson@iquest.net
Cc:        dillon@apollo.backplane.com, toasty@home.dragondata.com, dyson@iquest.net, wes@softweyr.com, hackers@FreeBSD.ORG
Subject:   Re: High Load cron patches - comments?
Message-ID:  <199901281856.NAA21763@y.dyson.net>
In-Reply-To: <199901281849.NAA21723@y.dyson.net> from "John S. Dyson" at "Jan 28, 99 01:49:00 pm"

John S. Dyson said:
> Matthew Dillon said:
> > :> 
> > :
> > :I considered a 'maximum children' limit.
> > :
> > :How do you prevent a user from breaking cron by executing 100 shell scripts
> > :that have 'sleep 10000' in them?
> > :
> > :Kevin
> > 
> >     By closing his account.
> > 
> >     No, really... by closing his account.  If a user abuses his privilege
> >     there isn't much you can do about it no matter what kind of rate limiting
> >     you have.  All you can do is try to set the limits such that you can
> >     still login as root and turn off the account.
> > 
> >     About once a month, some user on some BEST machine makes a mistake and
> >     does something that causes a huge load.  It is usually NOT intentional.
> >     Sometimes it's a CGI runaway on a heavily-accessed site, sometimes it's 
> >     a shell script gone awry.
> > 
> >     We've seen loads of 600.
> > 
> >     The funny thing is that even with a load of 600, people can still login
> >     to the machine and do stuff.  This is because either the user or the
> >     subsystem involved has hit a hard limit.
> > 
> With proper limit schemes, your performance for the non-obnoxious user would
> even be better.  One doesn't limit the "system" to forks/sec, but one limits
> individual processes (if you want to set a hard limit like that.)  One can
> also do the right thing, and make sure that the fork has appropriate CPU
> usage accounting, so that the chargeback to the forking process is correct
> for that kind of activity.
> 
One more comment about this posting:
Rather than limiting the "system" to forks/sec, limit its CPU usage
to something sane.

-- 
John                  | Never try to teach a pig to sing,
dyson@iquest.net      | it makes one look stupid
jdyson@nc.com         | and it irritates the pig.
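
The per-process CPU limit suggested in this message can be applied by a daemon in the child, between fork and running the job. The C code below is an added example, not code from the thread or from FreeBSD's cron; `run_with_cpu_limit` and the two sample jobs are hypothetical names constructed for illustration.

```c
/* Added example (not from the thread): per-process CPU cap for a spawned job. */
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample jobs: one runaway, one well-behaved. */
static void runaway_job(void) { volatile unsigned long n = 0; for (;;) n++; }
static void quick_job(void)   { volatile unsigned long n = 0; while (n < 1000) n++; }

/* Hypothetical helper: run job() in a child whose soft RLIMIT_CPU is
 * cpu_seconds. Returns the signal that killed the child, 0 if it exited
 * by itself, or -1 if fork/wait failed or the limit could not be set. */
static int run_with_cpu_limit(void (*job)(void), rlim_t cpu_seconds)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        signal(SIGXCPU, SIG_DFL);   /* do not inherit an ignored SIGXCPU */
        if (getrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(127);
        /* Lower only the soft limit, never above the inherited hard limit. */
        rl.rlim_cur = (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < cpu_seconds)
                          ? rl.rlim_max : cpu_seconds;
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(127);
        job();                      /* a real daemon would exec the command here */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status) == 127 ? -1 : 0;
}

int main(void)
{
    printf("runaway: signal %d (SIGXCPU is %d)\n", run_with_cpu_limit(runaway_job, 1), SIGXCPU);
    printf("quick:   signal %d\n", run_with_cpu_limit(quick_job, 1));
    return 0;
}
```

A job that only sleeps accumulates no CPU time, so this limit does not stop it; a per-user process count limit (`RLIMIT_NPROC`) addresses that case.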
