Date: Sun, 3 Feb 2002 02:35:46 +0400 From: Gaspar Chilingarov <nm@web.am> To: freebsd-hackers@FreeBSD.ORG Subject: Re: fork rate limit Message-ID: <20020202223546.GA430@mail.web.am> In-Reply-To: <200202022052.g12KqOM17214@apollo.backplane.com> References: <20020202201551.GA89061@mail.web.am> <200202022052.g12KqOM17214@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-> Date: Sat, 2 Feb 2002 12:52:24 -0800 (PST) -> From: Matthew Dillon <dillon@apollo.backplane.com> -> To: Gaspar Chilingarov <nm@wizard.web.am> -> Cc: freebsd-hackers@FreeBSD.ORG -> Subject: Re: fork rate limit -> -> :Hi! -> : -> :Is it reasonable to administratively limit users' ability to call fork -> :too other ? Users can take away too much CPU time even if you have ^^^ sorry, often, it's my typo :) -> :limited them by login.conf 'cputime' limit - just forking lightweight -> :processes too often. -> : -> :If it seems good thing to do, i'll try to code it and submit patches for -> :-current. -> : -> :I think this limit must go to struct uidinfo, am i right ? -> :Also i need to store per-user counters somewhere, can i place it there? -> : -> :-- -> :Gaspar Chilingarov -> -> Well, we did make fork inherit the parent process's current -> priority, so if a parent process forks() a lot it and its -> children should get less cpu. Beyond that the system can't really -> tell whether the cpu use is something the sysad wants (i.e. sa -> y it's a web server) or something the sysad doesn't want (an -> abusive user). -> -> -Matt i think SA can easily tell tehe system by assigning different uids assigned to them :) I've got such situation on our free shellbox set up in the university - some newbies were kidding with old while(1) fork(); attack. Finnaly they got hit by memory limits set up for each user, but anyway they were taking a lot of processor time. I prefer to limit some uid's ability to do many forks in some short period - like 'no more than 200 forks in 10 seconds' or smthng like this. -- Gaspar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020202223546.GA430>