From owner-freebsd-questions  Tue Mar 14  2:21:18 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 6E17A37B760
	for <freebsd-questions@freebsd.org>; Tue, 14 Mar 2000 02:21:07 -0800 (PST)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1)
	id 12UoRa-000PFm-00; Tue, 14 Mar 2000 12:20:54 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Bhishan Hemrajani <bhishan@cytosine.dhs.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DoS attack, Mail errors on new account 
In-reply-to: Your message of "Fri, 10 Mar 2000 17:51:47 PST."
             <200003110151.RAA15250@cytosine.dhs.org> 
Date: Tue, 14 Mar 2000 12:20:54 +0200
Message-ID: <97077.953029254@axl.ops.uunet.co.za>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



On Fri, 10 Mar 2000 17:51:47 PST, Bhishan Hemrajani wrote:

> 1. I have experienced a DoS attack by one of my users
>    who has used 100% of the cpu.

I'm not saying it wasn't a DoS attack, but you should be aware that a
process listed as using 100% CPU isn't always denying service.  If
nothing else requires much CPU, any relatively CPU-intensive process is
going to get 100% CPU.

>    I do have limits, and the
>    process was killed after consuming 1h of CPU time.
>    is there any way to limit the process to CPU usage?

Not in the way I think you want.  It sounds like you want to throttle
CPU usage, so that a given user or class of users isn't allowed to use
more than a certain percentage of the available CPU at a given time.
You can't do that.

What you _can_ do is add the users to a login class (see the
login.conf(5) manual page) which has a high "priority".  This is a
confusing name for the capability; it represents the initial _nice_
level at which to run processes for these users.  This will be very
effective in controlling CPU-bound processes, but pretty ineffective
against controlling IO-bound processes.

> 2. After I create a user, the mail box doesn't seem to work
>    correctly. I try to run elm as a new user that I created
>    and it is exiting with a signal 6 because it cannot read
>    /var/mail/user.
> 
> This is a printout of ll in that dir after that command has run:
> -r--------  1 test     mail      5 Mar 10 17:36 test.lock

Hmmm.  What ownerships and permissions to you have on the /var/mail
directory?  If they're writable by group mail, you can probably make the
elm binary sgid (2555) to group mail.  That should allow this type of
mailbox locking.

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message