From owner-freebsd-current Sat Apr 10 14: 0:30 1999 Delivered-To: freebsd-current@freebsd.org Received: from home.dragondata.com (home.dragondata.com [204.137.237.2]) by hub.freebsd.org (Postfix) with ESMTP id 0188C14DF7 for ; Sat, 10 Apr 1999 14:00:19 -0700 (PDT) (envelope-from toasty@home.dragondata.com) Received: (from toasty@localhost) by home.dragondata.com (8.9.2/8.9.2) id PAA27724; Sat, 10 Apr 1999 15:57:27 -0500 (CDT) From: Kevin Day Message-Id: <199904102057.PAA27724@home.dragondata.com> Subject: Re: DoS from local users (fwd) In-Reply-To: <199904102037.NAA01262@apollo.backplane.com> from Matthew Dillon at "Apr 10, 1999 1:37: 6 pm" To: dillon@apollo.backplane.com (Matthew Dillon) Date: Sat, 10 Apr 1999 15:57:26 -0500 (CDT) Cc: hasty@rah.star-gate.com, dv@dv.ru, green@unixhelp.org, freebsd-current@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > : > :It should be possible to prevent a user from hogging a system if the system's > :naive scheduler is improved. > : > : Amancio > > No, it isn't. For a very simple reason: The resources users need to do > real work are very similar to the resources users need to hog the system. > > Saying that the system should somehow be able to magically make the > distinction between the two is a pipedream. It takes a human to make > the distinction. > > Short of restricting the resources you give to users to the point where > they can't even start a mail or news client, there is just no way to > prevent said users from loading down the machine if they choose to. > > -Matt > > On the shell servers I run, we've got 200-300 users running tasks. Occasionally, through intent or misconfiguration, a user either forkbombs, or gets a large number of processes running sucking lots of cpu. I'd like to see an option that makes all the processes run by one uid have the same weight as one process another uid is running. i.e. uid 1001 starts 40 processes eating as much cpu as they can. Then uid 1002 starts up one process. Uid 1002's process gets 50% cpu, and uid 1001's 40 processes get 50% cpu shared between them. This way, one errant user can't have as significant of an impact. Is this plausable? Kevin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message