From owner-freebsd-hackers  Tue Jan 26 18:36:24 1999
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA10647
          for freebsd-hackers-outgoing; Tue, 26 Jan 1999 18:36:24 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from home.dragondata.com (home.dragondata.com [204.137.237.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA10642
          for <hackers@FreeBSD.ORG>; Tue, 26 Jan 1999 18:36:22 -0800 (PST)
          (envelope-from toasty@home.dragondata.com)
Received: (from toasty@localhost)
	by home.dragondata.com (8.9.2/8.9.2) id UAA02717;
	Tue, 26 Jan 1999 20:36:17 -0600 (CST)
From: Kevin Day <toasty@home.dragondata.com>
Message-Id: <199901270236.UAA02717@home.dragondata.com>
Subject: Re: High Load cron patches - comments?
In-Reply-To: <199901270208.SAA27656@apollo.backplane.com> from Matthew Dillon at "Jan 26, 1999  6: 8:58 pm"
To: dillon@apollo.backplane.com (Matthew Dillon)
Date: Tue, 26 Jan 1999 20:36:16 -0600 (CST)
Cc: hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> :> 
> :> 	vi /var/cron/tabs/*
> :> 
> :> 	(manually mix up the minutes boundry for jobs that people ran at
> :> 	common points, like the top of the hour)
> :> 
> :> 	kill the cron process
> :> 	restart it
> :> 
> :
> :Tried that, but it doesn't stay fixed long enough, and we've had the
> :occasional disgruntled user put 5000 'find /'s in his crontab and watch the
> :machine explode.
> 
>     Woa!  It's trivial to handle that situation, just give your users
>     reasonable resource limits.
> 
>     All of BEST's users are placed in the 'standard' class.  I then have
>     a 'standard' entry in /etc/login.conf that gives them reasonable resource
>     limits.
> 
>     It's possible that due to the way cron works, the resource limits is not
>     being held to, but since cron runs a shell script and that runs the find,
>     the resource limits should be held to.  If not, we can fix cron.
> 
>     We occassionally had some idiot IRC hacker login and try to take down
>     the machine from a shell prompt, usually with a fork attack, but since
>     we've put in the resource limits they've never been able to do it.  It's
>     quite amusing.  I gave rather generous resource limits -- normal users
>     usually don't even know they are there.

We do have pretty strict resource limits already.

Even 10-20 find processes running, restarting every minute as they
finish/exceed cpu limit is nasty. :)


Kevin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message