ResourceLimits

We take advantage of Linux's ulimit facility to limit user process' use of particular system resources. See DaemonFileSecurity for information on disk usage limits.

1. Login and cron jobs

Login shells and cron jobs inherit the limits from /etc/security/limits.conf, via PAM. We currently impose these limits, where "n/m" means "soft limit n and hard limit m":

These settings are mostly designed assuming friendly users who sometimes make mistakes and create run-away processes. We may need to make the limits more stringent in the future.

2. CGI

We use a patched version of Apache 2 suexec that imposes the following restrictions on script execution:

No doubt we'll be tweaking these parameters based on experience.


CategorySystemAdministration

ResourceLimits (last edited 2005-08-15 05:40:57 by AdamChlipala)