OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: limits.conf doesn't appear to have any effect

From: Dylan Martin (dmartinsccd.ctc.edu)
Date: Thu Dec 29 2005 - 11:11:45 CST


You are correct in your guess that it's getting root's limits.

You could make root drop it's limits in the Apache launch script before it
launches Apache.

Just pop

ulimit -t 1

into /etc/rc.d/init.d/httpd

and your web server will use one second of cpu time before it dies.

Of course, this might not be what you want it to do. Even assuming that you
set the limit to a reasonably high number, the server will eventually burn that
many seconds on the CPU and then die, which probably isn't what you want.

-Dylan

> Hi,
>
> On both redhat 7.3 and EL3 machines my entries of:
>
> nobody hard cpu 1
>
> do not seem to have effect.
>
> I am trying to limit bad apache and apache-spawned processes (all ran as
> user nobody).
>
> My only guess is that perhaps since apache starts out as root it is getting
> roots limits? I doubt this but it is all I can think of.
>
> These are very stock installs of 7.3 and EL3 - is there anything I need to
> enable to make PAM limits effective? Do I need to reboot tthe machine?
> After I make the changes I do stop and restart apache.
>
> Also, until I can solve this, is anyone aware of a good script to kill off
> processes uses too much CPU time? Or a perl module that I can use to write
> something
> to grab CPU times and do the killing in my own script?
>
> Thanks!
>
> P.S. I searched the archives but could not find anything. One recent message
> said to search the archives for a solution (another user posted a similiar
> question to mine)
> but I could not find anything. Thanks again.

> _______________________________________________
> Pam-list mailing list
> Pam-listredhat.com
> https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list