welcome: please sign in

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment
Last name of the author of the GNU Manifesto

Page Locked

ResourceLimits

We take advantage of Linux's ulimit facility to limit user process' use of particular system resources. See DaemonFileSecurity for information on disk usage limits.

1. Login and cron jobs

Login shells and cron jobs inherit the limits from /etc/security/limits.conf, via PAM. We currently impose these limits, where "n/m" means "soft limit n and hard limit m":

These settings are mostly designed assuming friendly users who sometimes make mistakes and create run-away processes. We may need to make the limits more stringent in the future.

2. CGI

We use a patched version of Apache 2 suexec that imposes the following restrictions on script execution:

No doubt we'll be tweaking these parameters based on experience.

3. PHP

We've modified suphp in the same way, so your PHP scripts run with process count, memory, and time limitations, and will be killed if they exceed them.


CategorySystemAdministration CategoryOutdated