[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to limit it ?



* Grzegorz Pawel Szostak said:
> Hi,
> 
> > > 
> > > how to limit all of this ?
> > > I've tried /etc/security/limits.conf but it seems to not work properly ...
> > Hmm... the latest update to the pam libraries on potato fixed the problem
> > with pam_limits module. But, you might want to use the lshell package which
> > does basically the same.
> I'm afraid you are wrong. I've installed lshell (Pawel Jochym suggested it
> to me) but it doesn't suit me. ulimit -a says that for example memory
It's enough if you limit the size of the data segments, number of processes
and CPU time. The rest is just fine tuning the other parameters - after all,
the data and stack is what takes 90% of the space. Limiting the image size
of the binary executable is pointless - you've got full control over what
the user can or cannot execute - just deny him the right to execute anything
from his/her home directory. Then YOU are the one who controls the image
sizes of all the executables - it's enough to limit the data/stack size.

> usage is unlimited. Also Pawel suggested sollution with /etc/profile and
> ulimit. My ulimit-line in /etc/profile looks now like:
Still, you're assuming the entire world uses bash, which (fortunately) isn't
true. As a side note - tcsh takes half the memory bash consumes and has all
the sprinkles bash does. :))
 
> ulimit -d 2097148 -c 0 -n 64 -s 8192 -u 64 -l 4096 -m 4096 -v 8192
> 
> and it is good enough for me.
And what about your user who wants to use ash, sash, csh, ksh, zsh, rc,
pdmenu or whatever other shell s/he wants?

marek

Attachment: pgpjjQphlQWnp.pgp
Description: PGP signature


Reply to: