LinuxQuestions.org


basil_brush 10-30-2012 01:36 PM

Limiting a user to an amount of procs.
 
I know of /etc/limits... is that the place to put a limit on a user's processors/programs? And if so, what is a rough average for browsing, playing tunes, basically a general desktop?

T3slider 10-30-2012 02:05 PM

I created a /etc/profile.d/ulimit.sh file containing the following:
Code:

#!/bin/sh

# Cap the number of processes each user may run.
ulimit -u 300

If you have a real multiuser setup and allow users to choose their own shells you should also create the equivalent ulimit.csh file with the appropriate c-shell command instead (I believe c shells use limit instead of ulimit...`limit maxproc 300` might work but I have no experience with those shells). I use a lightweight window manager and I haven't encountered problems with 300 processes per user, but you may with the heavier stuff (though I occasionally run KDE without problems as well).
Code:

$ ps ux | wc -l
under a heavy session would give you a starting point as to how many processes is reasonable. I could probably get away with 100 but 300 is enough to provide adequate freedom while limiting the impact of fork bombs so I'm content.
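
The sizing step above (`ps ux | wc -l`), generalized into a per-user check against a planned `ulimit -u` value; this is an added example, not part of the original thread. The function names and the sample owner list are constructed, and because Linux counts threads toward this limit, live input is taken from `ps -eLo user=` (one line per thread).

```shell
#!/bin/sh
# Added example: compare per-user task counts against a planned `ulimit -u`.

# procs_vs_limit LIMIT [WARN_PCT]
# Reads one owner name per line on stdin (the format of `ps -eLo user=`)
# and prints "user count percent status" per user, busiest first.
# status: OVER at or above LIMIT, NEAR at or above WARN_PCT percent, else ok.
procs_vs_limit() {
    limit=$1
    warn=${2:-80}
    awk -v limit="$limit" -v warn="$warn" '
        NF { count[$1]++ }                 # skip blank lines, tally per owner
        END {
            for (u in count) {
                pct = int(count[u] * 100 / limit)
                status = "ok"
                if (count[u] >= limit)  status = "OVER"
                else if (pct >= warn)   status = "NEAR"
                printf "%s %d %d %s\n", u, count[u], pct, status
            }
        }' | sort -k2,2nr -k1,1
}

# Constructed sample standing in for `ps -eLo user=` output:
# carol has hit a limit of 300, alice is close to it, bob is far below.
sample_owners() {
    awk 'BEGIN {
        for (i = 0; i < 300; i++) print "carol"
        for (i = 0; i < 270; i++) print "alice"
        for (i = 0; i < 40;  i++) print "bob"
    }'
}

# Run against the constructed sample with the thread's value of 300.
# On a live system: ps -eLo user= | procs_vs_limit 300
sample_owners | procs_vs_limit 300
```

A user who shows up as NEAR during a normal heavy session is a sign the planned limit is too tight for that workload.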

basil_brush 10-31-2012 03:51 AM

Thanks for the reply T3slider, would you also consider limiting root?

T3slider 10-31-2012 11:48 AM

I believe that will limit root already since it does not discriminate based on uid, but root will always have the ability to increase the max processes if needed by running ulimit in the shell (regular users cannot increase the limit above the hard limit). I guess the following would work to restrict it to regular users:
Code:

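#!/bin/sh

# Apply the per-user process limit to everyone except root.
# id -u is used because $UID is not set by every Bourne-type shell.
if [ "$(id -u)" -ne 0 ]; then
    ulimit -u 300
fi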

Of course, then a fork bomb running as root would bring the system to its knees...but any fork bomb could just adjust the max processes runnable by root before executing so it's irrelevant.


All times are GMT -5.