LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-23-2007, 05:41 AM   #1
doodlebug
LQ Newbie
 
Registered: Aug 2007
Posts: 3

Rep: Reputation: Disabled
./configure: fork: Resource temporarily unavailable


Hi,

I have setup a box, for friends to use shells on, a non profit venture, but would like to ensure it is secure,
I have created groups, users and edquotas no problems there, my biggest worry is the limitations each shell group has, ensuring it limits the background processes.
I have been playing around with group limits in limits.conf,
@eggdrop soft nproc 5
@eggdrop hard nproc 5
and have successfully reached a good level for an eggdrop user, but I also created a script, which my friends could use to install the eggdrop (Saves me doing it for them) see below.
so all they have to do it nano eggdrop.conf.
the script works REALLY well (with no process restrictions) and the eggdrops run nicely with soft, hard nproc limited to 5 in limits.conf.
However, if the group limited to 5 procs uses the script, it returns an error
eggdrop1.6.18/text/motd
eggdrop1.6.18/text/motd.finnish
./configure: fork: Resource temporarily unavailable
./configure: fork: Resource temporarily unavailable
./configure: fork: Resource temporarily unavailable
./configure: fork: Resource temporarily unavailable

as soon as it reaches ./configure it must run out of processes.

I can get it to work by rasing the process limitations, but that will allow the user to launch more processes once installation is complete.

I know this must be deemed as a beginner level error, but it has me stumped..
could you suggest a means to limit processes to 1 back ground process, but allow the installer script to work?
any help or pointing in right direction would be appreciated.
Intel Celeron 2.0GHz+
80GB Hard Drive
CentOS Enterprise Linux, Version 4
512 MB RAM
the script is as follows named geteggdrop located in /usr/bin chmodded 755 (root)
Code:
 
pwd
cd ~
wget urlblocked/eggdrop.blah
clear
ls eggdrop*
tar -xzvf eggdrop1.6.18.tar.gz
cd eggdrop1.6.18
./configure
make config
make
make install
cd ~
rm -f eggdrop1.6.18.tar.gz
rm -r eggdrop1.6.18
geteggdrop2
the following geteggdrop2 is in /usr/bin chmodded 755 (root)
Code:
pwd
cd ~
cd eggdrop
echo -e "make sure you are in directory eggdrop IE: cd eggdrop"
echo -e "please type ./eggdrop -m eggdrop.conf"
nano eggdrop.conf
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
pending signals (-i) 1024
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 50
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 5
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Last edited by doodlebug; 08-23-2007 at 05:46 AM. Reason: added info
 
Old 08-23-2007, 06:19 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590
I have setup a box, for friends to use shells on, a non profit venture, but would like to ensure it is secure,
I'd be interested to know what you exactly did to secure and harden the box.


the script is as follows named geteggdrop located in /usr/bin chmodded 755 (root)
Maybe I'm ignorant but is there a specific reason to not install this piece of software centrally and let users configure it with their personal config files? Or do the configure and compile stages hardcode locations? If that is not the case then you don't need users to configure and compile each and every time: all they need is to run "make install" and I'd like to suggest another approach. Maybe a recipe like this could work (haven't tested it, might need some tweakage so YMMV(VM)): add new unprivileged user and group called say "install" and set password. Add all those users to a that group. Make sure user "install" has write rights into users home. Place source code in /home/install, configure and compile. Add script that receives no user input and determines users home from calling $SUDO_USER, runs some checks and does the "make install DEST=/home/username/somedir". Add entry in /etc/sudoers (you do use sudo, right?) to allow authorised users to execute the script as user "install". For a more detailed audit trail run the script from RootSH or SudoSH (which you can also use if you want an audit trail of what users do on your box).


the following geteggdrop2 is in /usr/bin chmodded 755 (root)
Wouldn't it be better to put this as a script in /etc/skel for users to run under their own UID? They don't need root access rights to change their personal config files, right?
 
Old 08-23-2007, 10:14 AM   #3
doodlebug
LQ Newbie
 
Registered: Aug 2007
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thumbs up

Expanding from what you suggested with a new user INSTALL.
(top idea)

I have now basically installed the eggdrop (unconfigured) into the user /home/install/eggdrop/*
and created a script to copy over the eggdrop folder to /home/theuser/eggdrop/ and simply allowing the user to configure it themselves.
The real issue was me trying to make install for all users, which as you pointed out, is not really required.

btw: they dont execute the scripts from root, i simple added root to show i chmodded it from user root.


I'd be interested to know what you exactly did to secure and harden the box.
The box was setup by an external company. I shall make enquiries.

Wouldn't it be better to put this as a script in /etc/skel for users to run under their own UID? They don't need root access rights to change their personal config files, right?Yes it may be better, and no they dont need, nor have root access.



thank you for sparking off a great means to get what i wanted.

Appreciated.
 
Old 08-23-2007, 03:34 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590
Uh. OK. Cool. Slash the root stuff tho, I managed to conjure up things clearly wheren't there :-]
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fork: resource temporarily unavailable ??? str8edge Linux - General 3 06-21-2011 09:00 AM
vfork: resource temporarily unavailable verbose Linux - General 5 02-04-2007 04:17 AM
xcdroast - resource temporarily unavailable mwildam Linux - Newbie 4 09-24-2006 04:28 PM
Siocsifflags: Resource Temporarily Unavailable camapa Linux - Networking 0 09-24-2005 07:58 PM
SIOCSIFFLAGS: Resource temporarily unavailable bleef Linux - Networking 2 05-14-2001 10:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration