From owner-freebsd-isp  Sun Jul 15  3:41:38 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from unity.agava.ru (unity.agava.ru [213.59.3.227])
	by hub.freebsd.org (Postfix) with ESMTP id 6700D37B403
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 03:41:29 -0700 (PDT)
	(envelope-from frank@agava.com)
Received: from relay2.agava.net.ru (unknown [193.125.142.2])
	by unity.agava.ru (Postfix) with ESMTP id 98EDA27E9C5
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 14:41:27 +0400 (MSD)
Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2])
	by relay2.agava.net.ru (Postfix) with ESMTP id 0E20D43994
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 14:40:08 +0400 (MSD)
Received: from hellbell.domain (hellbell.domain [192.168.1.12])
	by gw.office.agava.ru (Postfix) with ESMTP id 824415EBB
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 14:40:08 +0400 (MSD)
Received: from localhost (localhost [127.0.0.1])
	by hellbell.domain (Postfix) with ESMTP id 60A75CCC9
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 14:40:07 +0400 (MSD)
Date: Sun, 15 Jul 2001 14:40:06 +0400 (MSD)
From: Alexey Zakirov <frank@agava.com>
X-X-Sender:  <frank@hellbell.domain>
Cc: <freebsd-isp@freebsd.org>
Subject: Re: Background processes limiting
In-Reply-To: <001701c10ce1$52a05a20$9653949f@lv>
Message-ID: <Pine.BSF.4.32.0107151427030.69625-100000@hellbell.domain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=KOI8-R
Content-Transfer-Encoding: 8BIT
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

On Sat, 14 Jul 2001, [windows-1257] Matīss Elsbergs wrote:

> >Giving them a limit of 5 would mean 4 background processes, since there
> >shell would use the 5th... I dont know if there is another way, but this
> >seems like a simply answer :P
>
> yeah, that was the first thing that came into my mind..
>
> But 4 bg processes roughly for free shell users means 4 eggdrops.. Or BXses,
> or something like that - very nice for user, but a hell for a old crappy BSD
> box.

Giving shell access does NOT mean giving access to internet for user.
We've run public shell boxes (free web hosting) for 3 years and I didn't get
any DoS from such users. Yes, we use jail(8) widely and after logging into
system user can't do anything like eggdrops because it is 172.16... net.
Just a overlapped jail. So we don't care about amount of processes those
users run. BTW if you want to run a shell box you definitly need the patch
from PR/18209 (http://www.FreeBSD.org/cgi/query-pr.cgi?pr=18209).

*** WBR, Alexey Zakirov (frank@agava.com)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message