enforcing resource limits
Hi,
I was thinking of playing with /etc/security/limits.conf, however I am
now having second thoughts...
The Debian Security HOWTO has this file in the contents, but no actual
discussion. I then had a look around the web and usenet, and while I
found alot of people making reference to limits.conf, I could not find
any decent example of it in use.
Secondly, from what I can gather, limiting the number of user processes
(nproc) is broken for kernel 2.4.x (at least, according to Alan Cox on
the kernel list last December). As far as trying to prevent the impact
of fork bombs go, this is a bit of a set back :(
Aside from this, I can't seem to find any decent examples of what one
should put in limits.conf. I'm sure I could make some kind of
approximate guess as to how much memory and cpu time I should limit, but
I would feel more confident if there were some examples out there.
Anyway, if anyone is using limits.conf, could you please post your
configuration with perhaps a little comment describing why you have
chosen certain values, etc..
Perhaps this information could be summarised and put into the security
HOWTO?
cheers,
Ian.
--
Ian Cumming, ian@semisphere.org
"The number of Unix installations has grown to 10, with more expected."
-- The Unix Programmer's Manual, 2nd Edition, June, 1972
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: