Date: Thu, 25 Jan 2001 21:14:18 +0200 From: Peter Pentchev <roam@orbitel.bg> To: Allen Edwards <aedwards@hiqinternet.com> Cc: freebsd-security@freebsd.org Subject: Re: Newbie Post - Limiting processes Message-ID: <20010125211418.B1122@ringworld.oblivion.bg> In-Reply-To: <NCBBKJBPKLMFELAPAEHGIELPCCAA.aedwards@hiqinternet.com>; from aedwards@hiqinternet.com on Thu, Jan 25, 2001 at 01:31:42PM -0500 References: <NCBBKJBPKLMFELAPAEHGIELPCCAA.aedwards@hiqinternet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 25, 2001 at 01:31:42PM -0500, Allen Edwards wrote: > Feel free to flame the newbie if he asks an off topic question (great now > I'm talking about myself in the 3rd person). > > Is there a way to limit a user to a certain number of processes? e.g. one > foreground and one background process. > > I am working on providing some shell accounts to a few clients who have > requested it and have heard of persons doing this. Well, you can limit the total number of processes a user is allowed to run at any given time, background or foreground alike. Look at the login.conf(5) manpage; you can define a custom login class for your shell users, so that limits are only enforced for them, and not for your privileged admin logins. 'maxproc' is the setting for the total number of processes; I don't think you can control the number of background processes, but if your users happen to run too many of those, they will not even be able to login later :) Actually, *one* foreground process is a bit too much - you need at least one for the shell and one for any program the user might run. Each shell pipe and/or other program fork is one more process. So.. tread lightly :) G'luck, Peter -- I've heard that this sentence is a rumor. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010125211418.B1122>