Results 1 to 3 of 3

Thread: Per User Process Limit and Thread Limits?

  1. #1

    Default Per User Process Limit and Thread Limits?

    I run a fairly large (32 CPU core, 64 GB memory) multi-user system that is used for everything from teaching programming classes to being a web server. In our environment, where people will be learning to use "fork" for the first time, a per-user process limit is necessary.

    I have set a limit of 96 processes per user in /etc/security/limits.conf.

    Unfortunately, this seems to have the side-effect of limiting the number of threads that a user can run to 53 (when the only other processes run by that user are sshd and a shell).

    If I increase the per-user process limit to 128, the user can then run 85 threads. The number of thread that a single user can run seems to be 43 less than their process limit.

    This breaks a number of java applications, such as matlab, because they attempt to launch a large number of threads.

    Does anyone know how to separate the two limits or do I have to choose between letting java applications run and being vulerable to fork bombs?

    TIA

    Scott

  2. #2
    ab@novell.com NNTP User

    Default Re: Per User Process Limit and Thread Limits?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    With that much power on the box have you considered throwing on a tiny,
    console-only, VM in which they can run all day long until they blow it
    up? This would probably provide a significant barrier of protection for
    your host system and, with a small VM, won't impact performance too much
    if at all. Worst case scenario you could set the nice value of your VM
    to be really, really high so even if they do bomb that machine and it
    starts working hard and it's working the processor for some reason you
    could easily sneak into the host and just nuke the VM machine's process
    without affecting anybody else.

    Good luck.





    schaffin wrote:
    > I run a fairly large (32 CPU core, 64 GB memory) multi-user system that
    > is used for everything from teaching programming classes to being a web
    > server. In our environment, where people will be learning to use "fork"
    > for the first time, a per-user process limit is necessary.
    >
    > I have set a limit of 96 processes per user in
    > /etc/security/limits.conf.
    >
    > Unfortunately, this seems to have the side-effect of limiting the
    > number of threads that a user can run to 53 (when the only other
    > processes run by that user are sshd and a shell).
    >
    > If I increase the per-user process limit to 128, the user can then run
    > 85 threads. The number of thread that a single user can run seems to be
    > 43 less than their process limit.
    >
    > This breaks a number of java applications, such as matlab, because they
    > attempt to launch a large number of threads.
    >
    > Does anyone know how to separate the two limits or do I have to choose
    > between letting java applications run and being vulerable to fork
    > bombs?
    >
    > TIA
    >
    > Scott
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFJZ7e63s42bA80+9kRAoZJAJ4rGKDQnnXvNOLFQ7JMrTrzIFj2cwCfZT5h
    MzavwSwIObtwU1y2vQRwWhk=
    =R4Gh
    -----END PGP SIGNATURE-----

  3. #3

    Default Re: Per User Process Limit and Thread Limits?

    Quote Originally Posted by ab@novell.com View Post
    With that much power on the box have you considered throwing on a tiny,
    console-only, VM in which they can run all day long until they blow it
    up? This would probably provide a significant barrier of protection for
    your host system and, with a small VM, won't impact performance too much
    if at all. Worst case scenario you could set the nice value of your VM
    to be really, really high so even if they do bomb that machine and it
    starts working hard and it's working the processor for some reason you
    could easily sneak into the host and just nuke the VM machine's process
    without affecting anybody else.

    Good luck.
    Thanks for the suggestion, but I prefer keeping things simple for our students. Furthermore, I'd still need to have a per-user processs limit on the master machine to prevent fork bombs when someone accidentally (or intentionally) runs their program on that box.

    I think that I'm going to ask the same question in a kernel support forum or mailing list--I'd like to figure out why you can run so few threads and if threads are actually processes.

    Thanks again for the suggestion.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •