Limiting number of processes: /etc/security/limits.conf vs. /etc/ld.so.preload

brianmcgee · 01-09-2012, 02:23 AM

Within a multiuser environment, we are currently enforcing a per user process limit of 40(e.g. also for fcgi processes). This is done via ld.so.preload, that forces the loading of a custom shared library that has been written in C. This library overrides the functions for creating child processes and enforces the process limit.

It works but I'm wondering what are the advantages of this solution and is it better or worse than using limits enforced by pam_limits and /etc/security/limits.conf.

What do you think? I think that this solution might be a lot faster.

kbp · 01-09-2012, 07:26 AM

Seems kludgey to me ... like using a hacksaw to trim your toenails, sure it'll get the job done but you may not like the result. Also there will be no flexibility, how do you make an exception?

Valery Reznic · 01-10-2012, 09:41 AM

Quote:

Originally Posted by brianmcgee

Within a multiuser environment, we are currently enforcing a per user process limit of 40(e.g. also for fcgi processes). This is done via ld.so.preload, that forces the loading of a custom shared library that has been written in C. This library overrides the functions for creating child processes and enforces the process limit.

It works but I'm wondering what are the advantages of this solution and is it better or worse than using limits enforced by pam_limits and /etc/security/limits.conf.

What do you think? I think that this solution might be a lot faster.

What about using 'ulimit -u'?