From owner-freebsd-hackers Thu Jan 28 10:56:17 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA24638 for freebsd-hackers-outgoing; Thu, 28 Jan 1999 10:56:17 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from iquest3.iquest.net (iquest3.iquest.net [209.43.20.203]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id KAA24633 for ; Thu, 28 Jan 1999 10:56:16 -0800 (PST) (envelope-from toor@y.dyson.net) Received: (qmail 15488 invoked from network); 28 Jan 1999 18:56:12 -0000 Received: from dyson.iquest.net (HELO y.dyson.net) (198.70.144.127) by iquest3.iquest.net with SMTP; 28 Jan 1999 18:56:12 -0000 Received: (from root@localhost) by y.dyson.net (8.9.1/8.9.1) id NAA21763; Thu, 28 Jan 1999 13:56:12 -0500 (EST) Message-Id: <199901281856.NAA21763@y.dyson.net> Subject: Re: High Load cron patches - comments? In-Reply-To: <199901281849.NAA21723@y.dyson.net> from "John S. Dyson" at "Jan 28, 99 01:49:00 pm" To: dyson@iquest.net Date: Thu, 28 Jan 1999 13:56:12 -0500 (EST) Cc: dillon@apollo.backplane.com, toasty@home.dragondata.com, dyson@iquest.net, wes@softweyr.com, hackers@FreeBSD.ORG From: "John S. Dyson" Reply-To: dyson@iquest.net X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG John S. Dyson said: > Matthew Dillon said: > > :> > > : > > :I considered a 'maximum children' limit. > > : > > :How do you prevent a user from breaking cron by executing 100 shell scripts > > :that have 'sleep 10000' in them? > > : > > :Kevin > > > > By closing his account. > > > > No, really... by closing his account. If a user abuses his privilage > > there isn't much you can do about it no matter what kind of rate limiting > > you have. All you can do is try to set the limits such that you can > > still login as root and turn off the account. > > > > About once a month, some user on some BEST machine makes a mistake and > > does something that causes a huge load. It is usually NOT intentional. > > Sometimes it's a CGI runaway on a heavily-accessed site, sometimes it's > > a shell script gone awry. > > > > We've seen loads of 600. > > > > The funny thing is that even with a load of 600, people can still login > > to the machine and do stuff. This is because either the user or the > > subsystem involved has hit a hard limit. > > > With proper limit schemes, your performance for the non-obnoxious user would > even be better. One doesn't limit the "system" to forks/sec, but one limits > individual processes (if you want to set a hard limit like that.) One can > also do the right thing, and make sure that the fork has appropriate CPU > usage accounting, so that the chargeback to the forking process is correct > for that kind of activity. > One more comment about this posting: Rather than limiting the "system" to forks/sec, but limit it's CPU usage to something sane. -- John | Never try to teach a pig to sing, dyson@iquest.net | it makes one look stupid jdyson@nc.com | and it irritates the pig. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message