Results 1 to 3 of 3

Thread: Per User Process Limit and Thread Limits?

  1. #1
    schaffin NNTP User

    Default Per User Process Limit and Thread Limits?


    I run a fairly large (32 CPU core, 64 GB memory) multi-user system that
    is used for everything from teaching programming classes to being a web
    server. In our environment, where people will be learning to use "fork"
    for the first time, a per-user process limit is necessary.

    I have set a limit of 96 processes per user in
    /etc/security/limits.conf.

    Unfortunately, this seems to have the side-effect of limiting the
    number of threads that a user can run to 53 (when the only other
    processes run by that user are sshd and a shell).

    If I increase the per-user process limit to 128, the user can then run
    85 threads. The number of thread that a single user can run seems to be
    43 less than their process limit.

    This breaks a number of java applications, such as matlab, because they
    attempt to launch a large number of threads.

    Does anyone know how to separate the two limits or do I have to choose
    between letting java applications run and being vulerable to fork
    bombs?

    TIA

    Scott


    --
    schaffin
    ------------------------------------------------------------------------
    schaffin's Profile: http://forums.opensuse.org/member.php?userid=11069
    View this thread: http://forums.opensuse.org/showthread.php?t=404532


  2. #2
    ab@novell.com NNTP User

    Default Re: Per User Process Limit and Thread Limits?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    With that much power on the box have you considered throwing on a tiny,
    console-only, VM in which they can run all day long until they blow it
    up? This would probably provide a significant barrier of protection for
    your host system and, with a small VM, won't impact performance too much
    if at all. Worst case scenario you could set the nice value of your VM
    to be really, really high so even if they do bomb that machine and it
    starts working hard and it's working the processor for some reason you
    could easily sneak into the host and just nuke the VM machine's process
    without affecting anybody else.

    Good luck.





    schaffin wrote:
    > I run a fairly large (32 CPU core, 64 GB memory) multi-user system that
    > is used for everything from teaching programming classes to being a web
    > server. In our environment, where people will be learning to use "fork"
    > for the first time, a per-user process limit is necessary.
    >
    > I have set a limit of 96 processes per user in
    > /etc/security/limits.conf.
    >
    > Unfortunately, this seems to have the side-effect of limiting the
    > number of threads that a user can run to 53 (when the only other
    > processes run by that user are sshd and a shell).
    >
    > If I increase the per-user process limit to 128, the user can then run
    > 85 threads. The number of thread that a single user can run seems to be
    > 43 less than their process limit.
    >
    > This breaks a number of java applications, such as matlab, because they
    > attempt to launch a large number of threads.
    >
    > Does anyone know how to separate the two limits or do I have to choose
    > between letting java applications run and being vulerable to fork
    > bombs?
    >
    > TIA
    >
    > Scott
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFJZ7e63s42bA80+9kRAoZJAJ4rGKDQnnXvNOLFQ7JMrTrzIFj2cwCfZT5h
    MzavwSwIObtwU1y2vQRwWhk=
    =R4Gh
    -----END PGP SIGNATURE-----

  3. #3
    schaffin NNTP User

    Default Re: Per User Process Limit and Thread Limits?


    ab@novell.com;1924733 Wrote:
    >
    > With that much power on the box have you considered throwing on a
    > tiny,
    > console-only, VM in which they can run all day long until they blow it
    > up? This would probably provide a significant barrier of protection
    > for
    > your host system and, with a small VM, won't impact performance too
    > much
    > if at all. Worst case scenario you could set the nice value of your
    > VM
    > to be really, really high so even if they do bomb that machine and it
    > starts working hard and it's working the processor for some reason you
    > could easily sneak into the host and just nuke the VM machine's
    > process
    > without affecting anybody else.
    >
    > Good luck.
    >


    Thanks for the suggestion, but I prefer keeping things simple for our
    students. Furthermore, I'd still need to have a per-user processs limit
    on the master machine to prevent fork bombs when someone accidentally
    (or intentionally) runs their program on that box.

    I think that I'm going to ask the same question in a kernel support
    forum or mailing list--I'd like to figure out why you can run so few
    threads and if threads are actually processes.

    Thanks again for the suggestion.


    --
    schaffin
    ------------------------------------------------------------------------
    schaffin's Profile: http://forums.opensuse.org/member.php?userid=11069
    View this thread: http://forums.opensuse.org/showthread.php?t=404532


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •