[tech] Process ulimits on Mussel and Martello
David Adam
zanchey at ucc.gu.uwa.edu.au
Tue Feb 1 21:42:35 WST 2011
So a certain genius who will remain nameless decided to see if a forkbomb
would work on Mussel. Apparently this is no longer deserving of an account
locking, but as it's not the first time in recent years I decided it was
probably time we did something about it.
/etc/security/limits.conf on Mussel and Martello has been set with a soft
limit of 4096 processes on all user accounts. getrlimit(2) informs me that
on Linux this enforces a limit of 4096 threads per real UID. That's still
enough to build Mozilla Firefox and run my screen session, and it's a soft
limit anyway so if you're really struggling you can just bump it up with
`ulimit -u onezillion` or whatever.
4096 was a number I pulled out of the air; there is little to no science
behind it and is not intended to stand up to malicious attacks. There are
still at least a thousand ways of exhausting resources on multiuser Linux
systems anyway.
David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au
More information about the tech
mailing list