> On Tue, 4 Sep 2001, Nickolay A.Kritsky wrote:
>
> > Hi, all.
> > I have a webserver running on FreeBSD 3.3. One of the perl scripts
> > located there has some bug, that puts him in the infinite loop. This
> > causes my webserver to stall, so that the only way to reboot is
> > hardware reset. I want to restrict user httpd to use no more than
> > 75% of CPU time. I read man limits(1) and man getrlimit(2) but they
> > only talk about limiting cputime in seconds, but not percents. It
> > means that I can restrict httpd process to run no more than 10
> > seconds, but in this 10 seconds it will have access to all CPU power
> > of the computer, making administrative work quite impossible. How
> > can I add percent-based cputime restrictions for various users and
> > login classes?
>

This is tough to do reliably. The obvious reason being that any process
should be able to spike up to 100% once and a while (such as when there is
activity).. You could however, write a script of some sort to check the CPU
usage of a process every once and a while and if it exceeds a certain
threshold, then take appropriate action (such as if it's over 90% during 3
probes spaced 1 minute apart). I think the best way to do it would be to
check the CPU Time every X seconds/minutes and if

(NEWCPUTIME - OLDCPUTIME) > LIMIT

then take appropriate action. This seems to be the safest way to monitor and
destroy 'runaway' processes and such.

Cheers,
-JD-

-- 
Jason DiCioccio - geniusjbsd.st - PGP Key  http://bsd.st/~geniusj/pgpkey.asc

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQA/AwUBO5Uj1tNQlZYENnwIEQINBwCgvUOFn31U9EueBShuIsmyw09iVcQAnjbR oZ0CLZR78S1pHSuC3Cr4k5Xg =zcAu -----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]