From: "John S. Dyson"
Reply-To: dyson@iquest.net
To: dillon@apollo.backplane.com (Matthew Dillon)
Cc: toasty@home.dragondata.com, dyson@iquest.net, wes@softweyr.com, hackers@FreeBSD.ORG
Date: Thu, 28 Jan 1999 13:49:00 -0500 (EST)
Subject: Re: High Load cron patches - comments?
Message-Id: <199901281849.NAA21723@y.dyson.net>
In-Reply-To: <199901281836.KAA10067@apollo.backplane.com> from Matthew Dillon at "Jan 28, 99 10:36:04 am"
Sender: owner-freebsd-hackers@FreeBSD.ORG

Matthew Dillon said:
> :I considered a 'maximum children' limit.
> :
> :How do you prevent a user from breaking cron by executing 100 shell scripts
> :that have 'sleep 10000' in them?
> :
> :Kevin
>
> By closing his account.
>
> No, really... by closing his account. If a user abuses his privilege
> there isn't much you can do about it no matter what kind of rate limiting
> you have. All you can do is try to set the limits such that you can
> still login as root and turn off the account.
>
> About once a month, some user on some BEST machine makes a mistake and
> does something that causes a huge load. It is usually NOT intentional.
> Sometimes it's a CGI runaway on a heavily-accessed site, sometimes it's
> a shell script gone awry.
>
> We've seen loads of 600.
>
> The funny thing is that even with a load of 600, people can still login
> to the machine and do stuff. This is because either the user or the
> subsystem involved has hit a hard limit.
>

With proper limit schemes, your performance for the non-obnoxious user
would even be better. One doesn't limit the "system" to forks/sec, but
one limits individual processes (if you want to set a hard limit like that.)
One can also do the right thing, and make sure that the fork has appropriate
CPU usage accounting, so that the chargeback to the forking process is
correct for that kind of activity.

--
John                  | Never try to teach a pig to sing,
dyson@iquest.net      | it makes one look stupid
jdyson@nc.com         | and it irritates the pig.
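The two limits discussed in this thread (a 'maximum children' cap and a forks/sec limit charged to the individual user rather than the whole system) can be sketched as below. This is an added example, not code from the cron patches or from anyone in the thread; `admit_job`, `job_exited`, `struct limits` and the table size are hypothetical names and values.

```c
/* Added example: per-user admission control for a cron-like launcher.
 * All names are hypothetical; this is not code from cron or the patches. */
#include <stddef.h>
#include <sys/types.h>

#define MAX_USERS 64

struct limits { int max_children; double forks_per_sec; double burst; };

struct user_quota {
    uid_t uid;
    int in_use;      /* slot allocated */
    int running;     /* live children owned by uid */
    double tokens;   /* remaining fork budget (token bucket) */
    double last;     /* time of last refill, in seconds */
};

static struct user_quota table[MAX_USERS];

static struct user_quota *find(uid_t uid) {
    for (size_t i = 0; i < MAX_USERS; i++)
        if (table[i].in_use && table[i].uid == uid) return &table[i];
    return NULL;
}

/* Returns 1 if a job for uid may be forked at time now, 0 to defer it. */
int admit_job(uid_t uid, double now, const struct limits *l) {
    struct user_quota *q = find(uid);
    for (size_t i = 0; !q && i < MAX_USERS; i++)   /* first job: claim a slot */
        if (!table[i].in_use) {
            q = &table[i];
            *q = (struct user_quota){ uid, 1, 0, l->burst, now };
        }
    if (!q) return 0;                              /* table full: fail closed */
    q->tokens += (now - q->last) * l->forks_per_sec;
    if (q->tokens > l->burst) q->tokens = l->burst;
    q->last = now;
    if (q->running >= l->max_children || q->tokens < 1.0) return 0;
    q->tokens -= 1.0;
    q->running++;
    return 1;
}

/* Call when waitpid() reaps a child that was started for uid. */
void job_exited(uid_t uid) {
    struct user_quota *q = find(uid);
    if (q && q->running > 0) q->running--;
}
```

A user whose jobs never exit stays pinned at `max_children` and only that user's later jobs are deferred; other uids keep their own budget.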