> In linux.dev.kernel, article <Pine.LNX.3.93.960611014506.3875A-100000@brando>,
> Kevin M Bealer <kmb203@psu.edu> writes:
> >
> > As for the CPU quotas I like the idea of "no more than 20% of the CPU" at
> > once, but I don't know how implementable it would be. As for "only n hours
>
> It's implementable. The kernel needs a "struct userinfo" per logged-in user
> for that to work. The same structure could also hold total memory usage,
> which would enable us to finally block most of the more malicious
> fork/malloc bombs.
>
> > of CPU use per user", I don't see why this couldn't be better done in user
> > space... unless you mean absolute, cumulative time spent by the CPU for that
> > user only -- and you can, say, ftp for a _long_ time (with a 14.4 anyway)
> > before you show significant time on "top". -- most users won't be doing
> > really intensive stuff.
> >
> I don't think that's too useful. We can already count how much CPU the user
> burned. Capping the amount of "live" memory for the user (so as to prevent
> a "mmap() as much of /dev/zero as we're allowed to, and then randomly
> write to bytes thereof" attack) would be better.
>
> But then, if you have that kind of user population where this is a
> significant problem, your money is better spent on educating these guys to
> Not Do That (and kick the few people who can't understand the words "cease
> and desist" off the system).
True, but this is an educational-type environment, where idiots pride
themselves in the knowledge they can crash things. Oh well... Do Not Do
That doesn't work that well. I really do like the idea of memory quota.
I would just say that they can take up as much memory as they want as
long as they don't start swapping and degrading performance for other
users. We should maybe find an adaptive way to do this, as well as
possibly have a /etc/sysquota.conf or similar.
>
> --
> It were better to perish than to continue schoolmastering.
> -- Thomas Carlyle
> --
> Matthias Urlichs \ noris network GmbH / Xlink-POP Nürnberg
> Schleiermacherstraße 12 \ Linux+Internet / EMail: urlichs@noris.de
> 90491 Nürnberg (Germany) \ Consulting+Programming+Networking+etc'ing
> PGP: 1024/4F578875 1B 89 E2 1C 43 EA 80 44 15 D2 29 CF C6 C7 E0 DE
> Click <A HREF="http://info.noris.de/~smurf/finger">here</A>. 42
>
-- Jeff Johnson GCS d- s: !a C+++ UA++(+++) P+ L+ trn@gate.net E---- W+++ N+++(+++++) K- w(+) O(-) KE4QWX M- V-(--) PS+ PE Y++ PGP+++(+++++) t- http://www.gate.net/~trn 5 X+++(+++++) R tv+ b++ DI-- D G++ e* !h r y? Nerdity Test = 66% Hacker Test = 45% 1024/3397E001 1995/06/10 5B 92 8B 34 84 E9 42 26 DC FB F7 C4 1E 0E 80 29