Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 10 Apr 1999 13:30:02 -0700
From:      Amancio Hasty <hasty@rah.star-gate.com>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Dmitry Valdov <dv@dv.ru>, Brian Feldman <green@unixhelp.org>, freebsd-current@FreeBSD.ORG
Subject:   Re: DoS from local users (fwd) 
Message-ID:  <199904102030.NAA08796@rah.star-gate.com>
In-Reply-To: Your message of "Sat, 10 Apr 1999 13:11:45 PDT." <199904102011.NAA01133@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
It should be possible to prevent a user from hogging a system if the system's
naive scheduler is improved.

	Amancio

>     It is not possible to prevent a user from hogging the cpu on the system.
>     What you *CAN* do is make it difficult for the user to crash the system
>     by limiting the number of processes he is allowed to run, the maximum 
>     data segment size each process is allowed to allocate, and by placing
>     quotas on disk partitions he has write access to.  This allows a
>     sysop to get on the system and blow the idiot user away without having 
>     to reboot.
> 
>     cpu utilization has nothing to do with system cpu verses user cpu.  cpu
>     is cpu.  One process can hog the cpu, it doesn't really matter whether
>     it is supervisor or user mode cpu.  The system will attempt to balance
>     cpu utilization when several processes need cpu.  The worst a user can
>     do cpu-wise is to start N cpu-bound processes.
> 
>     Starting N cpu-bound processes will drive the load up on the machine, but
>     as long as N is limited it will not prevent a sysop from getting in there
>     and taking out the user.
> 
>     You don't give user accounts away to people who you think might
>     try to crash the system, so resource limits are mostly there to prevent
>     users making stupid mistakes from taking the system down with them.
> 
> 						    -Matt
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904102030.NAA08796>