Re: [SLE] maximum nproc value



Steve Graegert wrote:
> 1. /etc/security/limits.conf tells the kernel what and how much
> resources a user/group can use on a particular system. It can be seen
> as a quota

I have a couple of questions on this. The /etc/security/limits.conf file and ulimit seem to only limit the number of processes per user. Can you also limit the number of processes that this system itself is allowed to concurrently run? I realize that in most cases this would cause undesirable effects, but I am thinking about this from a security standpoint. Say you benchmark a web server and determine the maximum number of processes needed. You could then impose a limit to help prevent remote code execution or buffer overflow exploits, because new processes would not be allowed to start. (OT, or is there a way to create a white list of allowed processes?)

Also, are changes to the limits.conf file immediate, or does a service need to be restarted for any changes to take effect? You could create a script that oversees requests for processes, checks the request against a white list, then updates the limits.conf file to allow an additional process. Is this a good idea, or is my logic flawed?


- James W.


--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
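
As an added example (not part of the original message or of any SUSE tooling): the sketch below resolves the nproc entries of a constructed limits.conf sample for one user, following the limits.conf(5) rule that a user entry outranks an @group entry, which outranks `*`, and reads the kernel's system-wide ceilings kernel.pid_max and kernel.threads-max, which are separate from the per-user nproc limit. The names nproc_limits and system_ceilings and the wwwrun/www sample are assumptions made for illustration.

```python
import resource

# Constructed sample in limits.conf syntax: <domain> <type> <item> <value>
SAMPLE = """\
# constructed sample, not from the original thread
*        soft  nproc  1024
*        hard  nproc  2048
@www     hard  nproc  300
wwwrun   -     nproc  150
wwwrun   hard  nofile 4096
"""

def nproc_limits(text, user, groups=()):
    """Return {'soft': n, 'hard': n} for user: user entry > @group entry > '*'."""
    rank = {}  # limit type -> (specificity, value)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4 or fields[2] != "nproc":
            continue  # comment, blank line, or a different item
        domain, ltype, _, value = fields
        if domain == user:
            spec = 2
        elif domain.startswith("@") and domain[1:] in groups:
            spec = 1
        elif domain == "*":
            spec = 0
        else:
            continue  # entry for some other user or group
        if value in ("unlimited", "infinity", "-1"):
            value = resource.RLIM_INFINITY
        else:
            value = int(value)
        # type "-" sets both soft and hard; a later line of equal rank wins
        for t in (("soft", "hard") if ltype == "-" else (ltype,)):
            if t not in rank or spec >= rank[t][0]:
                rank[t] = (spec, value)
    return {t: v for t, (_, v) in rank.items()}

def system_ceilings():
    """System-wide caps on PIDs and threads (None where /proc is unavailable)."""
    out = {}
    for name in ("pid_max", "threads-max"):
        try:
            with open("/proc/sys/kernel/" + name) as f:
                out[name] = int(f.read())
        except OSError:
            out[name] = None
    return out

if __name__ == "__main__":
    print("limits.conf sample:", nproc_limits(SAMPLE, "wwwrun", ["www"]))
    print("this process      :", resource.getrlimit(resource.RLIMIT_NPROC))
    print("system-wide       :", system_ceilings())
```

pam_limits applies limits.conf when a session is opened, so an edited value reaches new logins only; processes already running keep the limits they inherited.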


