Date: Tue, 14 Mar 2000 07:25:32 -0800 (PST) From: Bhishan Hemrajani <bhishan@cytosine.dhs.org> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: DoS attack, Mail errors on new account Message-ID: <200003141525.HAA36430@cytosine.dhs.org> In-Reply-To: <97077.953029254@axl.ops.uunet.co.za> from Sheldon Hearn at "Mar 14, 2000 12:20:54 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
I'm pretty new at freebsd, could you help me with what you said? Also, /var/mail is writeable by the group mail, I think: drwxrwxr-x 2 root mail 512 Mar 14 07:24 mail Thank you. --bhishan > > > On Fri, 10 Mar 2000 17:51:47 PST, Bhishan Hemrajani wrote: > > > 1. I have experienced a DoS attack by one of my users > > who has used 100% of the cpu. > > I'm not saying it wasn't a DoS attack, but you should be aware that a > process listed as using 100% CPU isn't always denying service. If > nothing else requires much CPU, any relatively CPU-intensive process is > going to get 100% CPU. > > > I do have limits, and the > > process was killed after consuming 1h of CPU time. > > is there any way to limit the process to CPU usage? > > Not in the way I think you want. It sounds like you want to throttle > CPU usage, so that a given user or class of users isn't allowed to use > more than a certain percentage of the available CPU at a given time. > You can't do that. > > What you _can_ do is add the users to a login class (see the > login.conf(5) manual page) which has a high "priority". This is a > confusing name for the capability; it represents the initial _nice_ > level at which to run processes for these users. This will be very > effective in controlling CPU-bound processes, but pretty ineffective > against controlling IO-bound processes. > > > 2. After I create a user, the mail box doesn't seem to work > > correctly. I try to run elm as a new user that I created > > and it is exiting with a signal 6 because it cannot read > > /var/mail/user. > > > > This is a printout of ll in that dir after that command has run: > > -r-------- 1 test mail 5 Mar 10 17:36 test.lock > > Hmmm. What ownerships and permissions to you have on the /var/mail > directory? If they're writable by group mail, you can probably make the > elm binary sgid (2555) to group mail. That should allow this type of > mailbox locking. > > Ciao, > Sheldon. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003141525.HAA36430>