From owner-freebsd-hackers Tue Jan 26 18:36:24 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA10647 for freebsd-hackers-outgoing; Tue, 26 Jan 1999 18:36:24 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from home.dragondata.com (home.dragondata.com [204.137.237.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA10642 for ; Tue, 26 Jan 1999 18:36:22 -0800 (PST) (envelope-from toasty@home.dragondata.com) Received: (from toasty@localhost) by home.dragondata.com (8.9.2/8.9.2) id UAA02717; Tue, 26 Jan 1999 20:36:17 -0600 (CST) From: Kevin Day Message-Id: <199901270236.UAA02717@home.dragondata.com> Subject: Re: High Load cron patches - comments? In-Reply-To: <199901270208.SAA27656@apollo.backplane.com> from Matthew Dillon at "Jan 26, 1999 6: 8:58 pm" To: dillon@apollo.backplane.com (Matthew Dillon) Date: Tue, 26 Jan 1999 20:36:16 -0600 (CST) Cc: hackers@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > :> > :> vi /var/cron/tabs/* > :> > :> (manually mix up the minutes boundry for jobs that people ran at > :> common points, like the top of the hour) > :> > :> kill the cron process > :> restart it > :> > : > :Tried that, but it doesn't stay fixed long enough, and we've had the > :occasional disgruntled user put 5000 'find /'s in his crontab and watch the > :machine explode. > > Woa! It's trivial to handle that situation, just give your users > reasonable resource limits. > > All of BEST's users are placed in the 'standard' class. I then have > a 'standard' entry in /etc/login.conf that gives them reasonable resource > limits. > > It's possible that due to the way cron works, the resource limits is not > being held to, but since cron runs a shell script and that runs the find, > the resource limits should be held to. If not, we can fix cron. > > We occassionally had some idiot IRC hacker login and try to take down > the machine from a shell prompt, usually with a fork attack, but since > we've put in the resource limits they've never been able to do it. It's > quite amusing. I gave rather generous resource limits -- normal users > usually don't even know they are there. We do have pretty strict resource limits already. Even 10-20 find processes running, restarting every minute as they finish/exceed cpu limit is nasty. :) Kevin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message