We take advantage of Linux's `ulimit` facility to limit user processes' use of particular system resources. See DaemonFileSecurity for information on disk usage limits.

= Login and cron jobs =

Login shells and cron jobs inherit the limits from `/etc/security/limits.conf`, via PAM. We currently impose these limits, where "n/m" means "soft limit n and hard limit m":

* `as 100000/500000`. This limits how much virtual memory processes can allocate. Without this, run-away processes can use up all of the memory in the system and cause daemons to start crashing due to out-of-memory errors.
* `nproc 10/20`. Creating an unbounded number of processes is bad, so here we limit the maximum number of processes you may own concurrently.

These settings mostly assume friendly users who sometimes make mistakes and create run-away processes. We may need to make the limits more stringent in the future.

= CGI =

We use a patched version of Apache 2 suexec that imposes the following restrictions on script execution:

* It sets some ulimits. Currently, it limits process count to 100 and memory usage to 100 MB.
* It waits up to 10 seconds for the script to execute before killing it and its children. The child-killing is accomplished by putting the initial script process into a new process group, and then using `pkill -g` on that process's PID if the time-out is reached.

No doubt we'll be tweaking these parameters based on experience.
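
The limit-then-kill sequence described above can be sketched in C as follows. This is an added example, not the patched suexec itself: `run_limited`, `cap_limit`, the choice of `RLIMIT_AS` for the memory limit, and the `sleep` stand-in script are assumptions, and it signals the group with `kill(-pid, SIGKILL)` rather than running `pkill -g`.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define MAX_PROCS 100                      /* process-count limit from the page */
#define MAX_AS    (100UL * 1024 * 1024)    /* 100 MB, applied as RLIMIT_AS (assumption) */

/* Lower a limit to at most `max`; never raises an inherited, stricter limit. */
static int cap_limit(int resource, rlim_t max) {
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    if (rl.rlim_max > max) rl.rlim_max = max;
    if (rl.rlim_cur > rl.rlim_max) rl.rlim_cur = rl.rlim_max;
    return setrlimit(resource, &rl);
}

/* Returns the script's exit status, -1 if it was killed on time-out,
 * -2 on any other failure (126/127 mean the child could not set up or exec). */
int run_limited(char *const argv[], int timeout_sec) {
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        /* New process group (pgid == pid) so the script's children can be signalled too. */
        if (setpgid(0, 0) || cap_limit(RLIMIT_NPROC, MAX_PROCS) || cap_limit(RLIMIT_AS, MAX_AS))
            _exit(126);
        execvp(argv[0], argv);
        _exit(127);
    }
    setpgid(pid, pid);                          /* repeated in the parent to avoid a race */
    struct timespec tick = { 0, 100000000 };    /* poll every 100 ms */
    for (int ms = 0; ms < timeout_sec * 1000; ms += 100) {
        int status;
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid) return WIFEXITED(status) ? WEXITSTATUS(status) : -2;
        if (r < 0) return -2;
        nanosleep(&tick, NULL);
    }
    kill(-pid, SIGKILL);                        /* negative pid: the whole process group */
    waitpid(pid, NULL, 0);                      /* reap the group leader */
    return -1;
}

int main(void) {
    char *script[] = { "sleep", "30", NULL };   /* constructed stand-in for a CGI script */
    printf("result: %d\n", run_limited(script, 10));   /* 10-second time-out, as on the page */
    return 0;
}
```

A script that calls `setpgid` or `setsid` itself leaves the group and is not reached by the group kill.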

= PHP =

We've modified suphp in the same way, so your PHP scripts run with process count, memory, and time limitations, and will be killed if they exceed them.

----
CategorySystemAdministration