Re: Restricting resource usage on a shell server
On Sat, Mar 15, 2008 at 4:32 PM, Raj Kiran Grandhi <grajkiran@gmail.com> wrote:
> Sean Whitton wrote:
> > Hello,
> >
> > I am looking to set up a shell server providing apache, MySQL and
> > mailman as well as standard shell features. For this I am going to
> > need to limit my users usage of server resources so that they don't
> > compromise the usage of others. Particularly, I am looking to limit
> > disc usage across MySQL, mailman and of course normal files, bandwidth
> > usage across ssh, sftp, httpd and anything else (e.g. wget), and
> > memory/process usage to prevent one user hogging the server's capacity
> > - all of this in a clean, low maintenance manner! Yes, it is a lot to
> > ask, but I think Debian can do it, I just don't know how to make it.
> >
> > 1) Disc usage
> > I can setup quotas to limit users to a certain amount of drive space
> > quite easily, but how can I tie this to MySQL usage too? For example,
> > if a user has a 1GB quota and uses 512MB for a database, they should
> > then only be able to use 512MB for their home directory.
> >
>
> Are the databases and the home directories on the same partition? The
> mysql database files are owned my the 'mysql' user on debian. So, it
> might not be possible to implement a quota system that includes the
> database.
They will be on the same partition :( I believe there are however
scripts out there to handle this kind of thing.
>
> > 2) Bandwidth usage
> > I get the impression from asking around that this is not at all going
> > to be easy. I am thinking that simply limiting httpd and setting up a
> > restrictive firewall to stop users binding their own servers would be
> > an effective method assuming I can trust them not to upload huge
> > files. However, does anyone know of a better way of limiting bandwidth
> > globally?
>
> Perhaps the iproute package would suit your needs.
> The following rules provide some basic limiting. I got them from some page.
>
> # tc qdisc add dev $DEV handle ffff: ingress
> and
> # tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip \
> src 0.0.0.0/0 police rate ${RATE}kbit burst 10k drop flowid :1
That makes sense but I want to set a limit in GB per month, and then
allow as fast transfer as required by the user. Is this possible with
that package?
Thanks,
Sean
Reply to: