Date: Tue, 4 Sep 2001 11:56:28 -0700 From: Jason DiCioccio <geniusj@bluenugget.net> To: Chris BeHanna <behanna@zbzoom.net> Cc: security@freebsd.org Subject: Re: Need help with limits(1) Message-ID: <20010904115628.A63273@bluenugget.net> In-Reply-To: <20010904121057.C47041-100000@topperwein.dyndns.org> References: <48396009431.20010904114449@internethelp.ru> <20010904121057.C47041-100000@topperwein.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > On Tue, 4 Sep 2001, Nickolay A.Kritsky wrote: >=20 > > Hi, all. > > I have a webserver running on FreeBSD 3.3. One of the perl scripts > > located there has some bug, that puts him in the infinite loop. This > > causes my webserver to stall, so that the only way to reboot is > > hardware reset. I want to restrict user httpd to use no more than > > 75% of CPU time. I read man limits(1) and man getrlimit(2) but they > > only talk about limiting cputime in seconds, but not percents. It > > means that I can restrict httpd process to run no more than 10 > > seconds, but in this 10 seconds it will have access to all CPU power > > of the computer, making administrative work quite impossible. How > > can I add percent-based cputime restrictions for various users and > > login classes? >=20 This is tough to do reliably. The obvious reason being that any process should be able to spike up to 100% once and a while (such as when there is activity).. You could however, write a script of some sort to check the CPU usage of a process every once and a while and if it exceeds a certain threshold, then take appropriate action (such as if it's over 90% during 3 probes spaced 1 minute apart). I think the best way to do it would be to check the CPU Time every X seconds/minutes and if (NEWCPUTIME - OLDCPUTIME) > LIMIT then take appropriate action. This seems to be the safest way to monitor a= nd destroy 'runaway' processes and such. Cheers, -JD- --=20 Jason DiCioccio - geniusj@bsd.st - PGP Key @ http://bsd.st/~geniusj/pgpkey.= asc --UugvWAfsgieZRqgk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBO5Uj1tNQlZYENnwIEQINBwCgvUOFn31U9EueBShuIsmyw09iVcQAnjbR oZ0CLZR78S1pHSuC3Cr4k5Xg =zcAu -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010904115628.A63273>