From owner-freebsd-current  Mon Apr 12 22:49:36 1999
Delivered-To: freebsd-current@freebsd.org
Received: from leap.innerx.net (leap.innerx.net [38.179.176.25])
	by hub.freebsd.org (Postfix) with ESMTP id ECCC014E42
	for <freebsd-current@FreeBSD.ORG>; Mon, 12 Apr 1999 22:49:32 -0700 (PDT)
	(envelope-from chris@holly.dyndns.org)
Received: from holly.dyndns.org (ip60.houston13.tx.pub-ip.psi.net [38.27.213.60])
	by leap.innerx.net (Postfix) with ESMTP
	id 0145537071; Tue, 13 Apr 1999 01:47:10 -0400 (EDT)
Received: (from chris@localhost)
	by holly.dyndns.org (8.9.3/8.9.3) id AAA02134;
	Tue, 13 Apr 1999 00:47:28 -0500 (CDT)
	(envelope-from chris)
Date: Tue, 13 Apr 1999 00:47:28 -0500
From: Chris Costello <chris@holly.dyndns.org>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Mattias Pantzare <pantzer@ludd.luth.se>,
	Amancio Hasty <hasty@rah.star-gate.com>, Dmitry Valdov <dv@dv.ru>,
	Brian Feldman <green@unixhelp.org>, freebsd-current@FreeBSD.ORG
Subject: Re: DoS from local users (fwd)
Message-ID: <19990413004728.C1968@holly.dyndns.org>
Reply-To: chris@calldei.com
References: <199904102051.WAA07790@zed.ludd.luth.se> <199904102057.NAA01570@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4us
In-Reply-To: <199904102057.NAA01570@apollo.backplane.com>; from Matthew Dillon on Sat, Apr 10, 1999 at 01:57:32PM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Apr 10, 1999, Matthew Dillon wrote:
> :Sun has a product for this, Solaris Resource Manager.
> 
>     ... and if one user is *supposed* to be running all those processes, then
>     what?  Oh, let me guess:  Now you are supposed to tune each user's account
>     independantly.  For a system with general user accounts, this is a burden
>     on the sysop.

   You don't need to tune user accounts, you need only put the
users in a separate login class (if that hasn't already been
done) and modify the resource limitation for that login
restriction.

>     If one can't control one's users, one has no business managing them.  The
>     last thing FreeBSD needs is some overly complex, sophisticated scheduler
>     designed to help bozo sysops stay on their feet.

   I agree with you very much here.  Public shell systems are a
bad idea.  In my opinion, you should trust someone before you
allow them to have an account on your system.

> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>

-- 
Chris Costello                                <chris@calldei.com>

Computers talk to each other worse than their designers do.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message