Date: Tue, 14 Mar 2000 12:20:54 +0200 From: Sheldon Hearn <sheldonh@uunet.co.za> To: Bhishan Hemrajani <bhishan@cytosine.dhs.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: DoS attack, Mail errors on new account Message-ID: <97077.953029254@axl.ops.uunet.co.za> In-Reply-To: Your message of "Fri, 10 Mar 2000 17:51:47 PST." <200003110151.RAA15250@cytosine.dhs.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 10 Mar 2000 17:51:47 PST, Bhishan Hemrajani wrote: > 1. I have experienced a DoS attack by one of my users > who has used 100% of the cpu. I'm not saying it wasn't a DoS attack, but you should be aware that a process listed as using 100% CPU isn't always denying service. If nothing else requires much CPU, any relatively CPU-intensive process is going to get 100% CPU. > I do have limits, and the > process was killed after consuming 1h of CPU time. > is there any way to limit the process to CPU usage? Not in the way I think you want. It sounds like you want to throttle CPU usage, so that a given user or class of users isn't allowed to use more than a certain percentage of the available CPU at a given time. You can't do that. What you _can_ do is add the users to a login class (see the login.conf(5) manual page) which has a high "priority". This is a confusing name for the capability; it represents the initial _nice_ level at which to run processes for these users. This will be very effective in controlling CPU-bound processes, but pretty ineffective against controlling IO-bound processes. > 2. After I create a user, the mail box doesn't seem to work > correctly. I try to run elm as a new user that I created > and it is exiting with a signal 6 because it cannot read > /var/mail/user. > > This is a printout of ll in that dir after that command has run: > -r-------- 1 test mail 5 Mar 10 17:36 test.lock Hmmm. What ownerships and permissions to you have on the /var/mail directory? If they're writable by group mail, you can probably make the elm binary sgid (2555) to group mail. That should allow this type of mailbox locking. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97077.953029254>