Date: Thu, 28 Jan 1999 10:36:04 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Kevin Day <toasty@home.dragondata.com> Cc: dyson@iquest.net, wes@softweyr.com, hackers@FreeBSD.ORG Subject: Re: High Load cron patches - comments? Message-ID: <199901281836.KAA10067@apollo.backplane.com> References: <199901281826.MAA06446@home.dragondata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:>
:
:I considered a 'maximum children' limit.
:
:How do you prevent a user from breaking cron by executing 100 shell scripts
:that have 'sleep 10000' in them?
:
:Kevin
By closing his account.
No, really... by closing his account. If a user abuses his privilage
there isn't much you can do about it no matter what kind of rate limiting
you have. All you can do is try to set the limits such that you can
still login as root and turn off the account.
About once a month, some user on some BEST machine makes a mistake and
does something that causes a huge load. It is usually NOT intentional.
Sometimes it's a CGI runaway on a heavily-accessed site, sometimes it's
a shell script gone awry.
We've seen loads of 600.
The funny thing is that even with a load of 600, people can still login
to the machine and do stuff. This is because either the user or the
subsystem involved has hit a hard limit.
Without hard limits, such screwups would take down the machine. Given
the choice between a machine going down and being able to login and fix
the problem, I'll choose the latter every time. I would rather the
web server slow down for 10 minutes while we fix the problem then have
the machine take 20 minutes to die and then have to reboot it.
It is not possible to handle these situations automatically... no amount
of load balancing or rate limiting software will prevent a user's mistake
from loading down the system or interfering with other users.
One has alarm points - if the load goes over a hundred something
is obviously wrong and bells start ringing :-).
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901281836.KAA10067>