Re: prevent out of memory
From: Michael Heiming (michael+USENET_at_www.heiming.de)
Date: Sun, 1 Aug 2004 17:13:48 -0000
-----BEGIN PGP SIGNED MESSAGE-----
NotDashEscaped: You need GnuPG to verify this message
In comp.os.linux.misc firstname.lastname@example.org suggested:
> Michael Heiming <michael+USENET@www.heiming.de> wrote in message news:<email@example.com>...
>> In comp.os.linux.misc firstname.lastname@example.org suggested:
>> > Is there any way to configure a system so that a single user can not
>> > run the system out of virtual memory? I want there to always be some
>> > memory for root so that I can always ssh into the box or log in on the
>> > console and kill the offending processes.
>> Enforce limits through pam (/etc/security/limits.conf), examples
>> should be found in this file.
> This only sets the rlimits. Thesea re not suitable because they
> provide no mechanism for preventing a user from running the system out
> of memory. To prevent a user from running the system out of memory
> with rlimits, the product of the maximum number of processes and the
> maximum memory usage per process needs to be less than available
> memory. So if you have 8GB of RAM+swap you must give each user, for
> example, a max of 1G/process and 8 processes, or 128MB per process and
> 64 processes.
And don't forget to restrict max logins, as those limits are per
login. Anyway I don't see where those are not suitable? Sure it's
a little configuration and mostly used to stop people from being
able to bring the system to a grinding halt with some fork bomb.
-- Michael Heiming (GPG-Key ID: 0xEDD27B94) mail: echo email@example.com | perl -pe 'y/a-z/n-za-m/' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBDSTLAkPEju3Se5QRAplCAJ46zi8OGdLZHeikCXoHtkyHmug3+wCdFwac lsiZhyhksUnjWwLFi5mJTv0= =Azlv -----END PGP SIGNATURE-----