LinuxQuestions.org - How do I limit the amount of processes a user can run?

Page 2 of 2

Show 50 post(s) from this thread on one page

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - How do I limit the amount of processes a user can run? (https://www.linuxquestions.org/questions/slackware-14/how-do-i-limit-the-amount-of-processes-a-user-can-run-309089/)

macemoneta

04-03-2005 09:57 AM

Quote:

Originally posted by chbin
since were on the topic of ulimits, is there a way to limit the cpu time of a particular process or particular user? I'm assuming there has to be, never tried it though.

Setting a CPU limit is tricky. The problem is that CPU time is cumulative. That is, the number of processes goes up and down, as does memory usage, but CPU only goes up.

It can be set (in seconds of CPU time) with:

ulimit -t 123

However, this is more useful when added as a "watchdog" to a process that shouldn't take more than a certain amount of time. For example:

Code:

# This should only run for 2 or three seconds

ulimit -S -t 10

While true

do

  if [ "$condition" == "done" ]

  then

    ulimit -S -t unlimited

    exit

  fi

...

done

houler

04-03-2005 04:08 PM

Quote:

Originally posted by SiegeX

Code:

if [[ "$USER" == "root" ]]; then ulimit -u 512 else ulimit -u 256 fi

Thanks for the script!

Code:

if[[ "$USER" == "houler" ]]; then

  ulimit -u 2

fi

How would one use a the "Hard" limit on that script (which I added in /etc/profile)? I know it's a -H, but I checked the bash man pages and I'm not really sure how it's used, here:

ulimit -H hard -u 256, says something about and invalid argument, and it sets the user processing limit back to 1000+

when I leave it to 'ulimit -u 2', it works fine.

SiegeX

04-03-2005 04:11 PM

Quote:

Originally posted by houler
How would one use a the "Hard" limit on that script (which I added in /etc/profile)? I know it's a -H, but I checked the bash man pages and I'm not really sure how it's used, here:

ulimit -H hard -u 256, says something about and invalid argument, and it sets the user processing limit back to 1000+

when I leave it to 'ulimit -u 2', it works fine.

Quoteth the bash man page

Quote:

If neither -H nor -S is specified, both the soft and hard limits are set

So no need to use -H

houler

04-03-2005 04:11 PM

Quote:

Originally posted by macemoneta
To limit execution of a large app in a loop, you can use memory limits as well:

# No core files by default
ulimit -c 0 > /dev/null 2>&1
# 768MB virtual memory limit
ulimit -v 786432 > /dev/null 2>&1
# 384MB resident memory limit
ulimit -m 393216 > /dev/null 2>&1
# 256 max processes per user
ulimit -u 256 >/dev/null 2>&1

Killing the loops isn't a problem. Many will fail on their own once they hit the resource limit. Those that don't can be killed from another login session (the limits are per session). System performance won't be an issue, unless you've set the limit too high. If neither -H nor -S is specified, both the soft and hard limits are set. The documentation for ulimit is in the bash man page (man bash).

Could I just plug that in /etc/profile?

keefaz

04-03-2005 04:40 PM

Better is to do it in slackware style, put those lines in a file like
/etc/profile.d/ulimit.sh

chmod +x it

houler

04-03-2005 05:22 PM

Ok I did it, thanks.

houler

04-04-2005 02:27 PM

A new problem arises with setting the ulimit after I make a chrooted ssh session:

Here's the story:

Basically, the shell is a"chroot-shell" script, Here is the script:

Code:

#!/bin/bash

if [ "$1" = "-c" ]; then

        i=0;

        PARAMS="";

        for param in $*; do

                if [ $i -gt 0 ]; then

                        PARAMS="$PARAMS $param";

                fi

                let i++;

        done;

        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER -c "$PARAMS"

else

        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER

fi;

When the user logs on, he's brought to this script first. The script logs in through "sudo" making the "ulimit" to like 512, after the user logs in, He's allowed to have 512 processes running and not the 256 I specified in /etc/profile:

Code:

if [[ "$USER" == "root" ]]; then

 ulimit -u 512

 else

 ulimit -u 256

fi

Any suggestion on how to circumvent this problem?

macemoneta

04-04-2005 03:43 PM

Quote:

Any suggestion on how to circumvent this problem?

Have sudo execute a script, passing it the parameters. In the script, set the ulimits you want, then execute the appropriate program based on the passed parameters.

houler

04-04-2005 04:11 PM

Quote:

Originally posted by macemoneta
Have sudo execute a script, passing it the parameters. In the script, set the ulimits you want, then execute the appropriate program based on the passed parameters.

How do i do that exactly?

Do you mean edit the script above, and somewhere along that script put down "sudo /bin/ulimits" where the 'ulimits' script will run

Code:

if [[ "$USER" == "root" ]]; then

ulimit -u 256

fi

Code:

#!/bin/bash

if [ "$1" = "-c" ]; then

        i=0;

        PARAMS="";

        for param in $*; do

                if [ $i -gt 0 ]; then

                        PARAMS="$PARAMS $param";

                fi

                let i++;

        done;

        sudo /bin/ulimits  <----------------HERE?

        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER -c "$PARAMS"

else

        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER

fi;

?

Sorry just a bit baffled because of the amount of "gaps" in the knowledge I know about scripts

macemoneta

04-04-2005 06:58 PM

More along the lines of:

Code:

...

done;

        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER -c runUser "$PARAMS"

else

        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER runUser bash

fi;

Where runUser is something along the lines of:

Code:

#!/bin/bash

# Set limits and execute

ulimit -u 256

$*

SiegeX

04-04-2005 07:49 PM

Actually I just realized that setting ulimit's for root is pointless because root can exceed even hard limits.

houler

04-04-2005 08:02 PM

Quote:

Originally posted by SiegeX
Actually I just realized that setting ulimit's for root is pointless because root can exceed even hard limits.

It's funny cuz I just realized that too not too long ago.

A way around it that I just figured out:

create a 'profile' file (or cp /etc/profile) and put it in /chroot-dir/etc/ and edit it

and add

Code:

# Ulimit settings for root

if [[ "$USER" == "root" ]]; then

 ulimit -u 512

 else

 ulimit -u 256

fi

It's working for now...

All times are GMT -5. The time now is 12:10 PM.

Page 2 of 2

Show 50 post(s) from this thread on one page