On Sat, 10 Apr 1999, Dmitry Valdov wrote:
> On Sat, 10 Apr 1999, Chris Costello wrote:
> > Date: Sat, 10 Apr 1999 02:05:33 -0500
> > From: Chris Costello <firstname.lastname@example.org>
> > Reply-To: email@example.com
> > To: Dmitry Valdov <firstname.lastname@example.org>
> > Cc: freebsd-current@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
> > Subject: Re: DoS from local users (fwd)
> > On Sat, Apr 10, 1999, Dmitry Valdov wrote:
> > > > You typically want to set a restriction as to how many
> > > > processes a user can spawn. This is done by editing
> > > > /etc/login.conf and changing the user's login class, see the man
> > > > page for 'login.conf'.
> > > >
> > >
> > > I'm about CPU usage, not about many processes.
> > > See:
> > > CPU states: 17.8% user, 0.0% nice, 81.7% system, 0.5% interrupt, 0.0%
> > > idle
> > > on any (tested on P2-45) machine.
> > >
> > > CPU is used by SYSTEM, not by USER. So I can't restrict it with login.conf
> > > And load average can be up to 20-40 :(
> > >
> > > Please don't redirect me to -questions, it's a kernel problem, not just
> > > config.
> > How is it a kernel problem? It's a forkbomb. It spawns many
> > processes. You can also limit CPU usage with login.conf, I
> > believe.
> Hmm. How I can limit CPU usage by SYSTEM? See top's output below.
> PS. I've just tried it. And I'm right - CPU usage limit can't help.
So? Processes that run a while go down in priority [McKusick95 I believe, THE
book] so they are preempted easily. Look in top and see if they're all at
the top of the list. I bet they're not! Also, you can set per-user niceness
levels, and why are you being so liberal giving a standard LUSER 32 processes?
This is a system administration problem.
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
Brian Feldman _ __ ___ ____ ___ ___ ___
email@example.com _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \__ \ |) |
http://www.freebsd.org _ |___/___/___/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message