From owner-freebsd-hackers  Sun Jun 15 23:21:26 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id XAA17546
          for hackers-outgoing; Sun, 15 Jun 1997 23:21:26 -0700 (PDT)
Received: from misery.sdf.com (misery.sdf.com [204.244.210.193])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id XAA17527;
          Sun, 15 Jun 1997 23:21:21 -0700 (PDT)
Received: from tom by misery.sdf.com with smtp (Exim 1.62 #1)
	id 0wdV80-0002XC-00; Sun, 15 Jun 1997 23:19:00 -0700
Date: Sun, 15 Jun 1997 23:18:59 -0700 (PDT)
From: Tom Samplonius <tom@sdf.com>
To: Terry Lambert <terry@lambert.org>
cc: Josef Karthauser <joe@pavilion.net>, questions@freebsd.org,
        hackers@freebsd.org
Subject: Re: help, running out of processes. :(
In-Reply-To: <199706151850.LAA16701@phaeton.artisoft.com>
Message-ID: <Pine.BSF.3.95q.970615231558.9715A-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Sun, 15 Jun 1997, Terry Lambert wrote:

> > Can someone please help me?  We've got a web machine thta is running out
> > of processes to the extent the it can't spawn CGI scripts anymore.  This
> > started happening when I upgraded from 2.1.7.1 to 2.2.2.
> > 
> > The web server runs under the a non-priv user called webboss.  We usually
> > unlimit the number of processes and openfiles in a startup script that
> > unlimits the shell before firing up 'httpd' (apache).
> > 
> > I've created a class called 'web' in /etc/login.conf with limits of 1000
> > processes and 2000 files (we've got a USERS 128 in the kernel).  I've attached
> > this class to the 'webboss' user in the passwd file.  We're still getting
> > 'out of processes' errors for this user though.  When this last happened
> > a 'ps -aux | grep ^webboss | wc' showed 150 processes running for webboss,
> > and I couldn't 'su -m weboss' from root.
> > 
> > Does anybody know how login.conf works?  It's not clear to me from the
> > manual whether it's values act globally, or only for users that have logged
> > in?
> 
> login.conf only operates agains users whose credentials were generated
> through a login process (quotas are assigned at the time credentials
> are, when using login.conf).

  Yes, a big problem for processes that leave root after binding to a
privileged port.

  But shouldn't such processes should call setrlimit() appropriately
first?

...
> 					Terry Lambert
> 					terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
> 
> 

Tom