From owner-freebsd-isp Mon Jul 31 8:27:30 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail-secure.toplink.net (mail-secure.toplink.net [195.2.171.5]) by hub.freebsd.org (Postfix) with ESMTP id 047DD37BBFC for ; Mon, 31 Jul 2000 08:27:15 -0700 (PDT) (envelope-from ck@toplink.net) Received: from localhost.toplink.net (mail-scan.toplink.net [195.2.171.141]) by mail-secure.toplink.net (8.9.3/8.9.3) with ESMTP id RAA39964; Mon, 31 Jul 2000 17:27:06 +0200 (CEST) Received: from mail-secure.toplink.net (mail-scan [127.0.0.1]) by localhost.toplink.net (8.9.3/8.9.3) with ESMTP id RAA14695; Mon, 31 Jul 2000 17:17:23 +0200 Received: from babylon.toplink.net (babylon.toplink.net [195.2.171.90]) by mail-secure.toplink.net (8.9.3/8.9.3) with ESMTP id RAA39959; Mon, 31 Jul 2000 17:27:05 +0200 (CEST) Received: from localhost (ck@localhost) by babylon.toplink.net (8.9.3/8.9.3) with ESMTP id RAA38469; Mon, 31 Jul 2000 17:27:05 +0200 (CEST) Date: Mon, 31 Jul 2000 17:27:05 +0200 (CEST) From: Christian Kratzer To: Florian Bofinger Cc: Veaceslav Revutchi , freebsd-isp@FreeBSD.ORG Subject: Re: web hosting, what ftp to use? In-Reply-To: <20000731151130.F92108@camelot.de> Message-ID: X-NCC-RegID: de.toplink X-Spammer-Kill-Ratio: 75% X-Jihad: Will hunt down all cases of Spam and Net abuse. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, On Mon, 31 Jul 2000, Florian Bofinger wrote: [snipp] > We preserve us the right to browse through the Skripts of our > customers they send to us via email. > > Another possibility would be a chroot/jail-environment, but there's still > the problem of programs making high load on your webserver.. we have modified suexec to set resource limits for cgi's from /etc/login.conf before execing the customers cgi script. We currently limit cpu time to 10 seconds and memory consumption to 20mb. This has successfully stopped cpu and memory hogging cgi scripts which otherwise would have severely impacted performance on the webserver Greetings Christian -- from the end of /etc/login.conf --- apache-suexec:\ :cputime=10s:\ :filesize=unlimited:\ :datasize=20M:\ :stacksize=20M:\ :coredumpsize=unlimited:\ :memoryuse=20M:\ :memorylocked=20M:\ :maxproc=20:\ :openfiles=20:\ :priority=0: -- from the end of /etc/login.conf --- --- suexec patch --- ck@toplink8: {26} diff -c suexec.c.orig suexec.c *** suexec.c.orig Tue Jan 11 20:47:59 2000 --- suexec.c Mon Jul 31 17:25:45 2000 *************** *** 90,95 **** --- 90,99 ---- #include + #ifdef __FreeBSD__ + # include + #endif + #include "suexec.h" /* *************** *** 429,434 **** --- 433,446 ---- log_err("emerg: failed to setgid (%ld: %s)\n", gid, cmd); exit(109); } + + #ifdef __FreeBSD__ + /* + * set resource limits from /etc/login.conf + * allows one to limit cpu and memory consumption by cgi's + */ + setclasscontext( "apache-suexec", LOGIN_SETRESOURCES|LOGIN_SETPRIORITY ); + #endif /* * setuid() to the target user. Error out on fail. --- suexec patch --- -- TopLink Internet Services GmbH ck@171.2.195.in-addr.arpa Christian Kratzer http://www.toplink.net/ Phone: +49 7032 2701-0 Fax: +49 7032 2701-19 FreeBSD spoken here! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message