Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 31 Jul 2000 17:27:05 +0200 (CEST)
From:      Christian Kratzer <ck@toplink.net>
To:        Florian Bofinger <bofax@camelot.de>
Cc:        Veaceslav Revutchi <vr@dnt.md>, freebsd-isp@FreeBSD.ORG
Subject:   Re: web hosting, what ftp to use?
Message-ID:  <Pine.BSF.4.10.10007311720140.36361-100000@babylon.toplink.net>
In-Reply-To: <20000731151130.F92108@camelot.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi,

On Mon, 31 Jul 2000, Florian Bofinger wrote:
[snipp]
> We preserve us the right to browse through the Skripts of our
> customers they send to us via email.
> 
> Another possibility would be a chroot/jail-environment, but there's still
> the problem of programs making high load on your webserver..

we have modified suexec to set resource limits for cgi's from /etc/login.conf
before execing the customers cgi script.

We currently limit cpu time to 10 seconds and memory consumption to 20mb.
This has successfully stopped cpu and memory hogging cgi scripts which
otherwise would have severely impacted performance on the webserver 

Greetings
Christian

-- from the end of /etc/login.conf ---

apache-suexec:\
        :cputime=10s:\
        :filesize=unlimited:\
        :datasize=20M:\
        :stacksize=20M:\
        :coredumpsize=unlimited:\
        :memoryuse=20M:\
        :memorylocked=20M:\
        :maxproc=20:\
        :openfiles=20:\
        :priority=0:

-- from the end of /etc/login.conf ---


--- suexec patch ---
ck@toplink8: {26} diff -c suexec.c.orig suexec.c
*** suexec.c.orig       Tue Jan 11 20:47:59 2000
--- suexec.c   Mon Jul 31 17:25:45 2000
***************
*** 90,95 ****
--- 90,99 ----
  
  #include <stdarg.h>
  
+ #ifdef __FreeBSD__
+ #  include <login_cap.h>
+ #endif
+ 
  #include "suexec.h"
  
  /*
***************
*** 429,434 ****
--- 433,446 ----
        log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd);
        exit(109);
      }
+ 
+ #ifdef __FreeBSD__
+     /*
+      * set resource limits from /etc/login.conf
+      * allows one to limit cpu and memory consumption by cgi's
+      */
+     setclasscontext( "apache-suexec", LOGIN_SETRESOURCES|LOGIN_SETPRIORITY ); 
+ #endif
  
      /*
       * setuid() to the target user.  Error out on fail.
--- suexec patch ---






-- 
TopLink Internet Services GmbH			ck@171.2.195.in-addr.arpa
Christian Kratzer				http://www.toplink.net/
Phone: 	+49 7032 2701-0
Fax: 	+49 7032 2701-19	FreeBSD spoken here!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10007311720140.36361-100000>