HPE Community
Operating System - HP-UX
1838606 Members
3092 Online
110128 Solutions
New Discussion

How to limit a special user's process can not use too many memory?

 
SOLVED
Go to solution
MA Qiang
Regular Advisor

‎04-27-2006 02:53 AM

‎04-27-2006 02:53 AM

How to limit a special user's process can not use too many memory?

Thanks.
0 Kudos
Reply
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

‎04-27-2006 03:10 AM

‎04-27-2006 03:10 AM

Re: How to limit a special user's process can not use too many memory?

1) Buy the PRM (Process Resource Management) product.

2) Not as powerful but will work. Add a ulimit -d nnnn command either to his .profile or create a wrapper script for the program that does a limit -d before exec'ing the program.
If it ain't broke, I can fix that.
0 Kudos
Reply
Ninad_1
Honored Contributor

‎04-27-2006 03:11 AM

‎04-27-2006 03:11 AM

Re: How to limit a special user's process can not use too many memory?

Hi,

There are various limits
data segment, stack, memory - which you can see by ulimit -a

In the user's .profile insert the following line

ulimit -d data_size_kb
ulimit -s stack_size_kb
ulimit -m memory_size_kb

Put the necessary value in KB

Hope that helps,
Ninad
0 Kudos
Reply
MA Qiang
Regular Advisor

‎04-27-2006 11:41 PM

‎04-27-2006 11:41 PM

Re: How to limit a special user's process can not use too many memory?

User can modify the .profile by himself. How to force the limit without PRM?
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎04-28-2006 02:21 AM

‎04-28-2006 02:21 AM

Solution

Re: How to limit a special user's process can not use too many memory?

That's why you buy PRM. All of your other options apply globally unless you modify this user's .profile. Even if you did not allow writes to .profile, this user could still outbushwhack you by replacing his .profile with another unless you removed write permission on his home directory -- which is generally not practical.

Again, you could create a wrapper that would invoke the "real" program after setting ulimit to some desired value and moving the "real" program somewhere else. If that wrpapper is a script then because the user must have read permission to execute it, he can easily see where the real program is. It would be better in this case to create a C wrapper and only set the execute bits so that it would not be vulnerable to a strings command.


Fundamentally, I think you are taking the wrong approach. You should discuss the problem with this user. If this is an application for which you have the source code then the limits could be a command-line option; if this is a memory leak problem then it should be fixed.
If it ain't broke, I can fix that.
Reply
Bill Hassell
Honored Contributor

‎04-28-2006 04:56 AM

‎04-28-2006 04:56 AM

Re: How to limit a special user's process can not use too many memory?

Actually, once you set a hard ulimit value for the user (perhaps in /etc/profile) then the user can only lower the value, not raise it. To be able lower or raise the value, it would have to be ulimit -S plus the new limit.

As Clay mentioned, this is a social engineering problem more than a technical problem. If the user insists on running a program that occupies far too much RAM (and requests to stop are ignored) then simply ask this person's manager to buy a very large amount of RAM just for this one person. That usually solves the problem.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.