From owner-freebsd-hackers Thu Aug 5 10:54: 1 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from dt011n65.san.rr.com (dt011n65.san.rr.com [204.210.13.101]) by hub.freebsd.org (Postfix) with ESMTP id 8555C14D24 for ; Thu, 5 Aug 1999 10:53:59 -0700 (PDT) (envelope-from Doug@gorean.org) Received: from localhost (doug@localhost) by dt011n65.san.rr.com (8.8.8/8.8.8) with ESMTP id KAA01066 for ; Thu, 5 Aug 1999 10:53:37 -0700 (PDT) (envelope-from Doug@gorean.org) Date: Thu, 5 Aug 1999 10:53:37 -0700 (PDT) From: Doug X-Sender: doug@dt011n65.san.rr.com To: freebsd-hackers@freebsd.org Subject: login.conf restrictions for suid processes possible? (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG No answer on -questions, and this is pretty urgent for me atm. Any help appreciated. Doug Greetings, :) I am working on some resource limit stuff and would like to be able to use login.conf to restrict the number of cgi processes that certain users can run. Unfortunately, the proprietary cgi product we use is owned by root and suid's to the user who owns the script that it is called to run. (This is not what I would call a "good idea," but it's what I have to work with.) I've created a login class with the appropriate permissions, and if I put a test user in that class and test its limits with normal system processes (like ls, sleep, etc.) it follows all the rules. However when I start miva (proprietary cgi) processes for scripts owned by that user, it ignores the limits, presumably because the process starts its life as root. Soooo, the question is, how can I do what I want to do, and if I can't do it with login.conf does anyone have any other suggestions? Specifically I need to restrict the amount of ram and the number of processes on a per user basis. I'm working on a -current system, but I don't think this issue bears directly on -current. Thanks for any help, Doug -- On account of being a democracy and run by the people, we are the only nation in the world that has to keep a government four years, no matter what it does. -- Will Rogers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message