Re: prevent out of memory

carloschoenberg_at_yahoo.com
Date: 08/02/04


Date: 1 Aug 2004 20:46:36 -0700

Michael Heiming <michael+USENET@www.heiming.de> wrote in message news:<cvkvt1-uko.ln1@news.heiming.de>...
> > maximum memory usage per process needs to be less than available
> > memory. So if you have 8GB of RAM+swap you must give each user, for
> > example, a max of 1G/process and 8 processes, or 128MB per process and
> > 64 processes.
>
> And don't forget to restrict max logins, as those limits are per
> login. Anyway I don't see where those are not suitable? Sure it's
> a little configuration and mostly used to stop people from being
> able to bring the system to a grinding halt with some fork bomb.

I see your confusion now. These limits are not per login. The rlimits
related to process size are per *process*.

This is why they do not work to prevent a user from running the system
out of memory. The user can run multiple processes.

While the number of processes a *user* can run can also be limited, a
reasonably large limit must be set.
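The budgeting discussed in this message (per-process size limit times the per-user process count, compared against RAM+swap), as an added example that is not part of the original post: a small auditor for pam_limits-style rules. The `limits.conf` syntax, the sample rules and every function name are assumptions made for the illustration.

```python
# Added example: worst-case memory a user can commit under per-process limits.
# Assumes pam_limits syntax "<domain> <type> <item> <value>" ("as" in KB,
# "nproc" a process count). Only "*" and plain user names are handled.
SAMPLE = """\
# constructed sample, not taken from the thread
*      hard  as     1048576
*      hard  nproc  8
alice  hard  as     131072
alice  hard  nproc  64
bob    hard  nproc  200
carol  hard  as     unlimited
"""

def parse_limits(text):
    """Return {domain: {item: int or None}} for hard 'as'/'nproc' (None = unlimited)."""
    rules = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue
        domain, ltype, item, value = fields
        if domain[0] in "@%" or ":" in domain:
            continue  # group and uid-range domains are out of scope here
        if ltype not in ("hard", "-") or item not in ("as", "nproc"):
            continue  # a soft limit can be raised by the user up to the hard one
        rules.setdefault(domain, {})[item] = int(value) if value.isdigit() else None
    return rules

def worst_case(rules, user):
    """Bytes = per-process 'as' limit x 'nproc'; None when either is unbounded."""
    eff = {**rules.get("*", {}), **rules.get(user, {})}  # user entry overrides default
    as_kb, nproc = eff.get("as"), eff.get("nproc")
    if as_kb is None or nproc is None:
        return None
    return as_kb * 1024 * nproc

def audit(text, users, available):
    """Map each user to (worst-case bytes, verdict) against RAM+swap in bytes."""
    rules, report = parse_limits(text), {}
    for user in users:
        wc = worst_case(rules, user)
        verdict = "unbounded" if wc is None else "fits" if wc <= available else "exceeds"
        report[user] = (wc, verdict)
    return report

if __name__ == "__main__":
    for user, (wc, verdict) in audit(SAMPLE, ["dave", "alice", "bob", "carol"], 8 * 2**30).items():
        print(f"{user:6} {wc!s:>14} {verdict}")
```

The verdict is computed per user only; the worst cases of several users add up against the same RAM+swap.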


