From owner-freebsd-current@FreeBSD.ORG Mon Oct 18 17:57:54 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51B3C16A4CF; Mon, 18 Oct 2004 17:57:54 +0000 (GMT) Received: from carver.gumbysoft.com (carver.gumbysoft.com [66.220.23.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id C685443D2D; Mon, 18 Oct 2004 17:57:53 +0000 (GMT) (envelope-from dwhite@gumbysoft.com) Received: by carver.gumbysoft.com (Postfix, from userid 1000) id 971D372DD4; Mon, 18 Oct 2004 10:57:53 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by carver.gumbysoft.com (Postfix) with ESMTP id 91E6D72DCB; Mon, 18 Oct 2004 10:57:53 -0700 (PDT) Date: Mon, 18 Oct 2004 10:57:53 -0700 (PDT) From: Doug White To: Borghesi Guilhem In-Reply-To: <416FCCD6.5020401@dpt-info.u-strasbg.fr> Message-ID: <20041018104945.M3917@carver.gumbysoft.com> References: <416FCCD6.5020401@dpt-info.u-strasbg.fr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-current@freebsd.org cc: freebsd-sparc64@freebsd.org Subject: Re: limits of maxproc on SUN E450 with FreeBSD 5.3 Beta7 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Oct 2004 17:57:54 -0000 On Fri, 15 Oct 2004, Borghesi Guilhem wrote: > I've installed a FreeBSD 5.3 Beta7 on a Sun sparc64 Enterprise 450. > This machine is a Terminal and application server for University > students. They are using this server for system programming (C for > example) and they often use the command "fork ()" into "while" loops. We call that a "forkbomb." > This kind of bad programming is quite frequent at the university, and > that's the reason why I'm trying to limit the number of maxproc per > user. I've limited the maxproc with the /etc/login.conf file at 100 and > make a "cap_mkdb /etc/login.conf", but it doesn't work. Worst, when the > number of processes reach the limit, the server crash with the console > message :"panic: trap: data access error". > > I've tried to put "unlimited" in place of "100", but it does'nt change > anything because the system has an implicit limit for users > (kern.maxprocperuid: 5547). It should change the soft limit on maxproc, and the kernel sysctl is the hard limit. The user can change the limit up to the hard limit, but it will start out at the soft limit. What as the exact change you made to login.conf? Did you test it after logging out and logging back in? How were you logging in? Obviously, the panic isn't such a great thing. Did you get a crashdump? > In the /var/log/messages, the last line before crash is : > "kernel: maxproc limit exceeded by uid 10051, please see tuning(7) and > login.conf(5)." > > Thank's a lot for any help ! > > Guilhem > > Here are my dmesg and login.conf files : > > dmesg : > =================================== > Copstray vector interrupt 2029 > yright (c) 1992-2004 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 > The Regents of the University of California. All rights reserved. > FreeBSD 5.3-BETA7 #3: Wed Oct 13 20:24:13 CEST 2004 > toor@ada.u-strasbg.fr:/usr/obj/usr/src/sys/GENERIC > real memory = 4294967296 (4096 MB) > avail memory = 4177952768 (3984 MB) > cpu0: Sun Microsystems UltraSparc-II Processor (480.00 MHz CPU) > cpu1: Sun Microsystems UltraSparc-II Processor (480.00 MHz CPU) > cpu2: Sun Microsystems UltraSparc-II Processor (480.00 MHz CPU) > cpu3: Sun Microsystems UltraSparc-II Processor (480.00 MHz CPU) > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs > nexus0: > nexus0: , type (unknown) (no driver attached) > pcib0: on nexus0 > pcib0: Psycho, impl 0, version 4, ign 0x7c0, bus B > pcib0: [FAST] > pcib0: [GIANT-LOCKED] > pcib0: [FAST] > pcib0: [GIANT-LOCKED] > pcib0: [FAST] > initializing counter-timer > Timecounter "counter-timer" frequency 1000000 Hz quality 100 > pcib0 dvma: DVMA map: 0xfc000000 to 0xffffffff > pci0: on pcib0 > ebus0: mem > 0x71000000-0x717fffff,0x70000000-0x70ffffff at device 1.0 on pci0 > ebus0: addr > 0x140072f000-0x140072f003,0x140072c000-0x140072c003,0x140072a000-0x140072a003,0x1400728000-0x1400728003,0x1400726000-0x1400726003 > > > > > > (no driver attached) > ebus0: addr 0x1400724000-0x1400724003 irq 2034,2021 (no driver > attached) > ebus0: addr 0x1400504000-0x1400504002 (no driver attached) > ebus0: addr 0x1400500000-0x1400500007 (no driver attached) > sab0: addr 0x1400400000-0x140040007f irq 43 on > ebus0 > sab0: [FAST] > sabtty0: on sab0 > sabtty1: on sab0 > ebus0: addr 0x14003083f8-0x14003083ff irq 41 (no driver attached) > ebus0: addr 0x14003062f8-0x14003062ff irq 42 (no driver attached) > ebus0: addr > 0x1400700000-0x140070000f,0x1400300398-0x1400300399,0x14003043bc-0x14003043cb > > > > > > irq 2018 (no driver attached) > ebus0: addr > 0x1400720000-0x1400720003,0x1400706000-0x140070600f,0x14003023f0-0x14003023f7 > > > > > > irq 2023 (no driver attached) > eeprom0: addr 0x1400000000-0x1400001fff on ebus0 > eeprom0: model mk48t59 > eeprom0: hostid 80fee436 > ebus0: addr > 0x1000000000-0x10000fffff,0x1000000000-0x10000fffff (no driver attached) > ebus0: addr 0x1400600000-0x1400600003 irq 2021,2024 (no > driver attached) > hme0: mem 0x8000-0xffff at device 1.1 on pci0 > miibus0: on hme0 > nsphy0: on miibus0 > nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto > hme0: Ethernet address: 08:00:20:fe:e4:36 > hme0: if_start running deferred for Giant > hme0: [GIANT-LOCKED] > sym0: <875> port 0x400-0x4ff mem 0x12000-0x12fff,0x10000-0x100ff at > device 3.0 on pci0 > sym0: No NVRAM, ID 7, Fast-20, SE, parity checking > sym0: [GIANT-LOCKED] > sym1: <875> port 0x800-0x8ff mem 0x16000-0x16fff,0x14000-0x140ff at > device 2.0 on pci0 > sym1: No NVRAM, ID 7, Fast-20, SE, parity checking > sym1: [GIANT-LOCKED] > pci0: at device 4.0 (no driver attached) > pcib1: on nexus0 > pcib1: Psycho, impl 0, version 4, ign 0x7c0, bus A > pci1: on pcib1 > nexus0: , type memory-controller (no driver attached) > pcib2: on nexus0 > pcib2: Psycho, impl 0, version 4, ign 0x100, bus B > pcib2: [FAST] > pcib2: [GIANT-LOCKED] > pcib2: [FAST] > pcib2: [GIANT-LOCKED] > pcib2: [FAST] > initializing counter-timer > Timecounter "counter-timer" frequency 1000000 Hz quality 100 > pcib2 dvma: DVMA map: 0xfc000000 to 0xffffffff > pci2: on pcib2 > pcib3: on nexus0 > pcib3: Psycho, impl 0, version 4, ign 0x100, bus A > pci3: on pcib3 > pcib4: on nexus0 > pcib4: Psycho, impl 0, version 4, ign 0x180, bus B > pcib4: [FAST] > pcib4: [GIANT-LOCKED] > pcib4: [FAST] > pcib4: [GIANT-LOCKED] > pcib4: [FAST] > initializing counter-timer > Timecounter "counter-timer" frequency 1000000 Hz quality 100 > pcib4 dvma: DVMA map: 0xfc000000 to 0xffffffff > pci4: on pcib4 > pcib5: on nexus0 > pcib5: Psycho, impl 0, version 4, ign 0x180, bus A > pci5: on pcib5 > Timecounters tick every 10.000 msec > Waiting 15 seconds for SCSI devices to settle > da0 at sym0 bus 0 target 0 lun 0 > da0: Fixed Direct Access SCSI-2 device > da0: 40.000MB/s transfers (20.000MHz, offset 16, 16bit), Tagged Queueing > Enabled > da0: 34732MB (71132959 512 byte sectors: 255H 63S/T 4427C) > da2 at sym0 bus 0 target 3 lun 0 > da2: Fixed Direct Access SCSI-2 device > da2: 40.000MB/s transfers (20.000MHz, offset 16, 16bit), Tagged Queueing > Enabled > da2: 34732MB (71132959 512 byte sectors: 255H 63S/T 4427C) > da1 at sym0 bus 0 target 1 lun 0 > da1: Fixed Direct Access SCSI-3 device > da1: 40.000MB/s transfers (20.000MHz, offset 16, 16bit), Tagged Queueing > Enabled > da1: 34732MB (71132959 512 byte sectors: 255H 63S/T 4427C) > SMP: AP CPU #3 Launched! > SMP: AP CPU #2 Launched! > SMP: AP CPU #1 Launched! > cd0 at sym1 bus 0 target 6 lun 0 > cd0: Removable CD-ROM SCSI-2 device > cd0: 20.000MB/s transfers (20.000MHz, offset 16) > cd0: Attempt to query device size failed: NOT READY, Medium not present > Mounting root from ufs:/dev/da0a > WARNING: / was not properly dismounted > WARNING: /usr was not properly dismounted > /usr: superblock summary recomputed > WARNING: /var was not properly dismounted > WARNING: /users was not properly dismounted > /users: superblock summary recomputed > hme0: invalid packet size 9929; dropping > hme0: invalid packet size 9929; dropping > hme0: invalid packet size 9929; dropping > hme0: invalid packet size 6348; dropping > hme0: invalid packet size 9929; dropping > hme0: too may errors; not reporting any more > pid 1486 (TCPs), uid 2048: exited on signal 11 (core dumped) > pid 1490 (TCPs), uid 2048: exited on signal 11 (core dumped) > pid 1772 (TCPs), uid 2048: exited on signal 11 (core dumped) > pid 2354 (TCPs), uid 2048: exited on signal 11 (core dumped) > pid 2657 (upile), uid 4071: exited on signal 11 (core dumped) > pid 2978 (TCPs), uid 2048: exited on signal 11 (core dumped) > pid 3110 (TCPs), uid 2048: exited on signal 11 (core dumped) > pid 3122 (TCPs), uid 2048: exited on signal 11 (core dumped) > > =================================== > > > login.conf: > =================================== > # login.conf - login class capabilities database. > # > # Remember to rebuild the database after each change to this file: > # > # cap_mkdb /etc/login.conf > # > # This file controls resource limits, accounting limits and > # default user environment settings. > # > # $FreeBSD: src/etc/login.conf,v 1.49 2004/06/06 11:46:27 schweikh Exp $ > # > > # Default settings effectively disable resource limits, see the > # examples below for a starting point to enable them. > > # defaults > # These settings are used by login(1) by default for classless users > # Note that entries like "cputime" set both "cputime-cur" and "cputime-max" > > default:\ > :passwd_format=md5:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ > :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin > /usr/local/bin /usr/X11R6/bin ~/bin:\ > :nologin=/var/run/nologin:\ > :cputime=unlimited:\ > :datasize=unlimited:\ > :stacksize=unlimited:\ > :memorylocked=unlimited:\ > :memoryuse=unlimited:\ > :filesize=unlimited:\ > :coredumpsize=unlimited:\ > :openfiles=unlimited:\ > :maxproc=unlimited:\ > :sbsize=unlimited:\ > :vmemoryuse=unlimited:\ > :priority=0:\ > :ignoretime@:\ > :umask=022: > > > # > # A collection of common class names - forward them all to 'default' > # (login would normally do this anyway, but having a class name > # here suppresses the diagnostic) > # > standard:\ > :tc=default: > xuser:\ > :tc=default: > staff:\ > :tc=default: > daemon:\ > :tc=default: > news:\ > :tc=default: > dialer:\ > :tc=default: > > # > # Root can always login > # > # N.B. login_getpwclass(3) will use this entry for the root account, > # in preference to 'default'. > root:\ > :ignorenologin:\ > :tc=default: > > # > # Russian Users Accounts. Setup proper environment variables. > # > russian|Russian Users Accounts:\ > :charset=KOI8-R:\ > :lang=ru_RU.KOI8-R:\ > :tc=default: > > > ###################################################################### > ###################################################################### > ## > ## Example entries > ## > ###################################################################### > ###################################################################### > > ## Example defaults > ## These settings are used by login(1) by default for classless users > ## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" > # > #default:\ > # :cputime=infinity:\ > # :datasize-cur=22M:\ > # :stacksize-cur=8M:\ > # :memorylocked-cur=10M:\ > # :memoryuse-cur=30M:\ > # :filesize=infinity:\ > # :coredumpsize=infinity:\ > # :maxproc-cur=64:\ > # :openfiles-cur=64:\ > # :priority=0:\ > # :requirehome@:\ > # :umask=022:\ > # :tc=auth-defaults: > # > # > ## > ## standard - standard user defaults > ## > #standard:\ > # :copyright=/etc/COPYRIGHT:\ > # :welcome=/etc/motd:\ > # :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ > # :path=~/bin /bin /usr/bin /usr/local/bin:\ > # :manpath=/usr/share/man /usr/local/man:\ > # :nologin=/var/run/nologin:\ > # :cputime=1h30m:\ > # :datasize=8M:\ > # :vmemoryuse=100M:\ > # :stacksize=2M:\ > # :memorylocked=4M:\ > # :memoryuse=8M:\ > # :filesize=8M:\ > # :coredumpsize=8M:\ > # :openfiles=24:\ > # :maxproc=32:\ > # :priority=0:\ > # :requirehome:\ > # :passwordtime=90d:\ > # :umask=002:\ > # :ignoretime@:\ > # :tc=default: > # > # > ## > ## users of X (needs more resources!) > ## > #xuser:\ > # :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ > # :cputime=4h:\ > # :datasize=12M:\ > # :vmemoryuse=infinity:\ > # :stacksize=4M:\ > # :filesize=8M:\ > # :memoryuse=16M:\ > # :openfiles=32:\ > # :maxproc=48:\ > # :tc=standard: > # > # > ## > ## Staff users - few restrictions and allow login anytime > ## > #staff:\ > # :ignorenologin:\ > # :ignoretime:\ > # :requirehome@:\ > # :accounted@:\ > # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin > /usr/local/sbin:\ > # :umask=022:\ > # :tc=standard: > # > # > ## > ## root - fallback for root logins > ## > #root:\ > # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin > /usr/local/sbin:\ > # :cputime=infinity:\ > # :datasize=infinity:\ > # :stacksize=infinity:\ > # :memorylocked=infinity:\ > # :memoryuse=infinity:\ > # :filesize=infinity:\ > # :coredumpsize=infinity:\ > # :openfiles=infinity:\ > # :maxproc=infinity:\ > # :memoryuse-cur=32M:\ > # :maxproc-cur=64:\ > # :openfiles-cur=1024:\ > # :priority=0:\ > # :requirehome@:\ > # :umask=022:\ > # :tc=auth-root-defaults: > # > # > ## > ## Settings used by /etc/rc > ## > #daemon:\ > # :coredumpsize@:\ > # :coredumpsize-cur=0:\ > # :datasize=infinity:\ > # :datasize-cur@:\ > # :maxproc=512:\ > # :maxproc-cur@:\ > # :memoryuse-cur=64M:\ > # :memorylocked-cur=64M:\ > # :openfiles=1024:\ > # :openfiles-cur@:\ > # :stacksize=16M:\ > # :stacksize-cur@:\ > # :tc=default: > # > # > ## > ## Settings used by news subsystem > ## > #news:\ > # :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin > /usr/local/bin /usr/local/sbin:\ > # :cputime=infinity:\ > # :filesize=128M:\ > # :datasize-cur=64M:\ > # :stacksize-cur=32M:\ > # :coredumpsize-cur=0:\ > # :maxmemorysize-cur=128M:\ > # :memorylocked=32M:\ > # :maxproc=128:\ > # :openfiles=256:\ > # :tc=default: > # > # > ## > ## The dialer class should be used for a dialup PPP/SLIP accounts > ## Welcome messages/news suppressed > ## > #dialer:\ > # :hushlogin:\ > # :requirehome@:\ > # :cputime=unlimited:\ > # :filesize=2M:\ > # :datasize=2M:\ > # :stacksize=4M:\ > # :coredumpsize=0:\ > # :memoryuse=4M:\ > # :memorylocked=1M:\ > # :maxproc=16:\ > # :openfiles=32:\ > # :tc=standard: > # > # > ## > ## Site full-time 24/7 PPP/SLIP connections > ## - no time accounting, restricted to access via dialin lines > ## > #site:\ > # :ignoretime:\ > # :passwordtime@:\ > # :refreshtime@:\ > # :refreshperiod@:\ > # :sessionlimit@:\ > # :autodelete@:\ > # :expireperiod@:\ > # :graceexpire@:\ > # :gracetime@:\ > # :warnexpire@:\ > # :warnpassword@:\ > # :idletime@:\ > # :sessiontime@:\ > # :daytime@:\ > # :weektime@:\ > # :monthtime@:\ > # :warntime@:\ > # :accounted@:\ > # :tc=dialer:\ > # :tc=staff: > # > # > ## > ## Example standard accounting entries for subscriber levels > ## > # > #subscriber|Subscribers:\ > # :accounted:\ > # :refreshtime=180d:\ > # :refreshperiod@:\ > # :sessionlimit@:\ > # :autodelete=30d:\ > # :expireperiod=180d:\ > # :graceexpire=7d:\ > # :gracetime=10m:\ > # :warnexpire=7d:\ > # :warnpassword=7d:\ > # :idletime=30m:\ > # :sessiontime=4h:\ > # :daytime=6h:\ > # :weektime=40h:\ > # :monthtime=120h:\ > # :warntime=4h:\ > # :tc=standard: > # > # > ## > ## Subscriber accounts. These accounts have their login times > ## accounted and have access limits applied. > ## > #subppp|PPP Subscriber Accounts:\ > # :tc=dialer:\ > # :tc=subscriber: > # > # > #subslip|SLIP Subscriber Accounts:\ > # :tc=dialer:\ > # :tc=subscriber: > # > # > #subshell|Shell Subscriber Accounts:\ > # :tc=subscriber: > # > ## > ## If you want some of the accounts to use traditional UNIX DES based > ## password hashes. > ## > #des_users:\ > # :passwd_format=des:\ > # :tc=default: > > =================================== > > > > -- Doug White | FreeBSD: The Power to Serve dwhite@gumbysoft.com | www.FreeBSD.org