Date: Thu, 28 Jan 1999 13:49:00 -0500 (EST) From: "John S. Dyson" <dyson@iquest.net> To: dillon@apollo.backplane.com (Matthew Dillon) Cc: toasty@home.dragondata.com, dyson@iquest.net, wes@softweyr.com, hackers@FreeBSD.ORG Subject: Re: High Load cron patches - comments? Message-ID: <199901281849.NAA21723@y.dyson.net> In-Reply-To: <199901281836.KAA10067@apollo.backplane.com> from Matthew Dillon at "Jan 28, 99 10:36:04 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon said: > :> > : > :I considered a 'maximum children' limit. > : > :How do you prevent a user from breaking cron by executing 100 shell scripts > :that have 'sleep 10000' in them? > : > :Kevin > > By closing his account. > > No, really... by closing his account. If a user abuses his privilage > there isn't much you can do about it no matter what kind of rate limiting > you have. All you can do is try to set the limits such that you can > still login as root and turn off the account. > > About once a month, some user on some BEST machine makes a mistake and > does something that causes a huge load. It is usually NOT intentional. > Sometimes it's a CGI runaway on a heavily-accessed site, sometimes it's > a shell script gone awry. > > We've seen loads of 600. > > The funny thing is that even with a load of 600, people can still login > to the machine and do stuff. This is because either the user or the > subsystem involved has hit a hard limit. > With proper limit schemes, your performance for the non-obnoxious user would even be better. One doesn't limit the "system" to forks/sec, but one limits individual processes (if you want to set a hard limit like that.) One can also do the right thing, and make sure that the fork has appropriate CPU usage accounting, so that the chargeback to the forking process is correct for that kind of activity. -- John | Never try to teach a pig to sing, dyson@iquest.net | it makes one look stupid jdyson@nc.com | and it irritates the pig. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901281849.NAA21723>