Re: resource limits



On Thu, Mar 23, 2000 at 06:10:02PM +0000, Jim Breton wrote:
> OK, I did rtfm but I guess I was tripped up by a little perceived
> ambiguity.  So: does this mean that if I had a process that forked over
> and over and over, each one of those child processes would be able to
> consume X amount of memory?

yes it will. again, these are per-process resource limits. i think the
values mean that each process can fork 80 child processes and each
of them will be able to open up to 64 files, as long as there're
enough resources (ram+swap, number of opened files < maximum
(== `sysctl kern.maxfiles`)).

look, write a simple program that mallocs pieces of 1M ram and touches
every page in each of them in an endless loop. run several copies of
the program and you'll find the openbsd box on its knees...

> man ulimit says:
> 
> "Provides control over the resources available to the shell and to
> processes started by it"
> 
> If this applies to all of the rlimit values, doesn't that mean that I
> effectively have no maximum number of processes, since each child
> process can spawn <max_procs> processes?

yes, a program like "main(){for(;;)fork();}" will use all system resources.

> OK, thanks.  :)  I have another machine running FreeBSD which I haven't
> used much yet, guess I'll start taking a look at it.

then look at /etc/login.conf...

> Really my objective is to learn as much as I can about securing a box
> from multiple local users, and choosing the best OS for the job.  It
> will be set up where some of my friends can use it, and a few of them are
> "mischievous" so any tips are appreciated.  ;-)

my friends in university have been looking for an os to provide simple
restricted shell access for students to give 'em the possibility to read
their mail... the access box was planned to be a 386 :-) with my assistance
they chose ;-) and installed openbsd with rksh, and there it seems
to be enough, but there're a lot of tasks where having just rksh and no
resource limits for users is not enough to feel you're safe enough...

-- 
Denis A. Doroshenko
Omnitel Ltd., Sevcenkos 25, Vilnius 2600, Lithuania
mailto:d.doroshenko@omnitel.net
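
The per-process behaviour discussed in this message can be checked with getrlimit(2) and setrlimit(2). The following is an added example, not part of the original message: it sets a soft limit in a child, forks again, and reads back the copy the grandchild holds, then multiplies out the 80 and 64 figures quoted above for comparison with `sysctl kern.maxfiles`. The function names are hypothetical.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>
/* Set the soft limit for `resource` to `soft` in a child, fork again, and
 * return the soft limit the grandchild observes (-1 on any failure). */
long long inherited_soft_limit(int resource, rlim_t soft)
{
    int fds[2];
    long long v = -1;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          /* child: apply the limit */
        struct rlimit rl;
        close(fds[0]);
        if (getrlimit(resource, &rl) != 0) _exit(1);
        rl.rlim_cur = soft;                  /* hard limit left unchanged */
        if (setrlimit(resource, &rl) != 0) _exit(1);
        pid_t gpid = fork();
        if (gpid < 0) _exit(1);
        if (gpid == 0) {                     /* grandchild: report its copy */
            if (getrlimit(resource, &rl) != 0) _exit(1);
            v = (long long)rl.rlim_cur;
            _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
        }
        waitpid(gpid, NULL, 0);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &v, sizeof v);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof v ? v : -1;
}

/* Worst case when each of `procs` processes uses its whole per-process
 * allowance: the limits multiply, because nothing pools them.
 * main() uses 80 and 64, the figures quoted in the message above. */
long long aggregate_ceiling(long long procs, long long per_proc)
{
    return procs * per_proc;
}

int main(void)
{
    long long seen = inherited_soft_limit(RLIMIT_NOFILE, 64);
    printf("grandchild soft limit: %lld; 80 x 64 = %lld fds\n", seen, aggregate_ceiling(80, 64));
    return 0;
}
```

If the product is close to or above the system-wide descriptor maximum, the per-process values alone do not protect the box.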