welcome: please sign in

Include all attachments?

Edit

ResourceLimits

We take advantage of Linux's ulimit facility to limit user process' use of particular system resources. See DaemonFileSecurity for information on disk usage limits.

1. Login and cron jobs

Login shells and cron jobs inherit the limits from /etc/security/limits.conf, via PAM. We currently impose these limits, where "n/m" means "soft limit n and hard limit m":

These settings are mostly designed assuming friendly users who sometimes make mistakes and create run-away processes. We may need to make the limits more stringent in the future.

2. CGI

We use a patched version of Apache 2 suexec that imposes the following restrictions on script execution:

No doubt we'll be tweaking these parameters based on experience.

3. PHP

We've modified suphp in the same way, so your PHP scripts run with process count, memory, and time limitations, and will be killed if they exceed them.


CategorySystemAdministration CategoryOutdated