in search of a better timelimit program

Skaperen · 03-07-2011, 09:13 AM

I tried using the "timelimit" program in the package of the same name in Ubuntu. It originally comes from the netpipes packages, but was packaged separately in Ubuntu. Turns out this program does not work very well. It works if the limited process is the exact process timelimit itself forks. If that process forks any others, those others just keep running.

So I'm looking for a program that can do this function and limit an entire process group. For this all I need is wall clock time limiting. If such a program has to create a whole PTY session much like script does, and kills everything using that PTY, that should be fine, although I think something doing a setsid() should be sufficient.

FYI, just starting up another process that waits till the time end and kills the processes is not safe, since the processes to be limited may just exit early on their own, and something else may later run under recycled process IDs or process group IDs. This absolutely needs to be something that handles things correctly, such as exiting if the managed process group exits.

Anyone heard of such a thing that really works well? I don't want to be re-inventing it if it already exists.

comp_brad1136 · 03-08-2011, 09:35 PM

i use timeoutd for my kids' accounts.
works as advertised!

Skaperen · 03-09-2011, 10:10 AM

Code:

Package: timeoutd
State: not installed
Version: 1.5-10.1ubuntu1
Priority: extra
Section: universe/admin
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Uncompressed Size: 123k
Depends: libc6 (>= 2.7), libx11-6, libxext6, libxss1
Conflicts: suidmanager (< 0.50)
Description: Flexible user timeout daemon with X11 support
 timeoutd enforces the time restrictions specified for each or all users. 
 
 timeoutd scans /var/run/utmp every minute and checks /etc/timeouts for an entry
 which matches a restricted user, based on: 
 
 * The current day and time 
 * The tty that the user is currently logged in on 
 * The user's login ID 
 * Any primary or secondary groups the user is in 
 timeoutd can restrict local users, X11-users and users via telnet/SSH for a
 maximum of their session, max. day, idle or no login at all. 
 
 timeoutd is also able to restrict users running X.

Sounds like it would be great for limiting kids usage. If only it had a means to test for homework completion

But for my case, I'd doing stuff like a cron job running a script that runs a sequence of rsync updates. Those runs of rsync could last for a long time if there is a lot of data changes. I want to limit them to (for example) 4 hours total. It's that specific cron job that I want to limit. Separate cron jobs possibly running in parallel would have their own timelimits (not necessarily the same time frames). And this also needs to work even when I run the script manually. Limiting a whole user won't work for this, either, since most run as root.

I suspect I have to write my own tool. I'll probably calling setsid() in the forked child before it does execve() to run the specified command, and doing the kill sequence on the whole session (e.g. the session leader process ID negated). Unless some program therein starts its own setsid() session, that should work (my script won't, and as far as I know, rsync doesn't).

comp_brad1136 · 03-09-2011, 11:09 AM

now I see. I should have read your post better.

(makes a donkey sound)

sorry

Skaperen · 03-24-2011, 08:23 AM

So it looks like I need to create this program.