Re: Sys Admin question

Admin Mailing Lists (mlist@intergrafix.net)
Tue, 26 Oct 1999 11:44:51 -0400 (EDT)


> It seems like the system can't say that enough is enough for a greedy user
> and start making mmap() fail for them, choosing to instead axe some
> processes (such as init(!)) to satisfy memory demand.

you can always start axeing users...although the law kinda frowns upon
this method.
obviously i mean some kind of lesser threat.
Don't screw with the system or you'll find yourself not using the system
anymore..or something to that effect.

-Cygnus
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network Administrator/Engineer
admin@intergrafix.net Intergrafix Internet Services

"Dream as if you'll live forever, live as if you'll die today"
http://cygnus.ncohafmuta.com http://www.intergrafix.net
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.

On Tue, 26 Oct 1999, Michael Bacarella wrote:

>
> This probably isn't the best place to ask, but it's Linux, and I trust the
> natural order of internet flamethrowing to cordially correct me.
>
> I have a Linux server with evil users looking to destroy it (ISP).
> Even effortlessly, I find that I can consume all of the VM on the system.
>
> The limits are set to something rather reasonable (10M of addressable
> memory per process, 12 processes max per user). Stricter restrictions
> make trivial tasks impossible (man, for one). Under this scheme, a single
> user can still consume 120 megs of virtual memory.
>
> This isn't what I had in mind. It'd be much easier to say "User A can only
> use X megs of memory at most!" rather than say how much memory each
> process can use and how many processes the user can spawn.
>
> Perusing the kernel source shows that such a framework is in place, but no
> real meat is attached to it, so it rules that option out (unless I'm
> misreading).
>
> What can I do in the meantime? There's only so much swap space that I can
> add, and I'm still vulnerable if enough users decide that they want to run
> resource intensive tasks.
>
> It seems like the system can't say that enough is enough for a greedy user
> and start making mmap() fail for them, choosing to instead axe some
> processes (such as init(!)) to satisfy memory demand.
>
> Am I missing something bluntly obvious?
>
> Thanks
> -Michael Bacarella
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
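An added illustration, not part of either message in this thread: the per-process limit described in the quoted question does make mmap() fail, but only one process at a time, so a user's ceiling is the limit multiplied by the process count. The sketch assumes the "addressable memory" limit corresponds to RLIMIT_AS on Linux; the 10 MB and 12 process figures come from the question, and the helper names `child_fill` and `user_total_mb` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#define MB (1024UL * 1024UL)

/* Added illustration. Child: cap own address space at limit_mb, then map
 * 1 MB chunks until mmap() fails. Exit status = chunks mapped, 255 = error. */
static void child_fill(unsigned limit_mb)
{
    struct rlimit rl = { limit_mb * MB, limit_mb * MB };
    unsigned n = 0;
    if (setrlimit(RLIMIT_AS, &rl) != 0)
        _exit(255);
    /* PROT_NONE + MAP_NORESERVE: uses address space only, no RAM or swap. */
    while (n <= limit_mb &&
           mmap(NULL, MB, PROT_NONE,
                MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0) != MAP_FAILED)
        n++;
    /* The limit worked only if mmap() refused with ENOMEM below the cap. */
    _exit(n <= limit_mb && errno == ENOMEM ? (int)n : 255);
}

/* Parent (hypothetical helper): run nproc capped children and return the
 * total MB of address space they obtained, or -1 on error. */
long user_total_mb(unsigned limit_mb, unsigned nproc)
{
    long total = 0;
    for (unsigned i = 0; i < nproc; i++) {
        int st;
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) child_fill(limit_mb);
        if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st) || WEXITSTATUS(st) == 255)
            return -1;
        total += WEXITSTATUS(st);   /* children run one at a time here */
    }
    return total;
}

int main(void)
{
    printf("1 process: %ld MB, 12 processes: %ld MB\n",
           user_total_mb(10, 1), user_total_mb(10, 12));
    return 0;
}
```

Each child stops a little short of 10 MB because its own text, libraries and stack already count against RLIMIT_AS; twelve processes alive at once would hold their mappings simultaneously, which is the 120 MB total the question describes.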
