
Re: inetd fork without checking maxuprc

 
Eric Guerizec
Frequent Advisor

inetd fork without checking maxuprc

As you know, maxuprc is a kernel parameter which sets the maximum number of simultaneous user processes, except for the super-user.
In the configuration file inetd.conf, you specify for each service the user to be used when the service is running. Most of the time, the user is root (ftp, telnet, etc.).
But if you need to run the process with another ID (for example user 'myuser' with id 7000), inetd doesn't check if maxuprc is reached for this user! For me, it is not normal that we can do that, even if inetd is a super-user process.
I'm waiting for information from HP support. Maybe you have more information from your side...

Regards
Steven E. Protter
Exalted Contributor

Re: inetd fork without checking maxuprc

With HP-UX the systems administrator is supposed to take into account what maxuprc should be prior to starting the system.

What I mean by that is that it will try and open any process it's asked, but if maxuprc is reached it's game over.

Generally for big Oracle database servers, changing the standard value of 75 to 200 does the trick and applies to all users. This figure must be calculated and increased depending on a number of factors such as how many Oracle instances you are running.

Most application vendors I have dealt with do not provide guidance on what maxuprc should be.

HP's guidance, as in where they set it in 11i is in my opinion slightly low for normal everyday business use.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Eric Guerizec
Frequent Advisor

Re: inetd fork without checking maxuprc

Hi Steven,
You're right but my question is not how to tune maxuprc.

If I set maxuprc to 400, I don't want any user to be able to run more than 400 processes. It's a protection!
Now, imagine your application is using inetd to start a service. In inetd.conf, you have a line like this:

myservice stream tcp nowait myuser /opt/myapp/bin/myproc myproc

It means a client can connect to your server through "myservice". In this case, inetd invokes the process "myproc" with ID "myuser".
ps will show you something like this:

UID PID PPID C STIME TTY TIME COMMAND
root 1900 1 0 May 25 ? 19:19 /usr/sbin/inetd
myuser 5000 1900 0 Aug 3 ? 0:00 myproc

Suppose your client has a bug: it loops for 1000 connections instead of 1 connection. Inetd will invoke the process 1000 times.
On your server, maxuprc is still 400 but now ps will show you 1000 "myproc" processes with uid "myuser".


Regards.
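
A check for the condition described in this thread, as an added example that is not part of the original posts: it counts processes per user from `ps -ef` output, compares the total with a maxuprc value passed in by the caller, and reports how many of those processes were spawned by inetd. The function names and the sample ps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report users whose process count
# exceeds maxuprc and how many of those processes are children of inetd.
# Usage: ps -ef | over_maxuprc <maxuprc value>

over_maxuprc() {
    awk -v limit="$1" '
        NR == 1 { next }                      # skip the ps header line
        {
            uid[$2] = $1                      # PID -> owner
            ppid[$2] = $3                     # PID -> parent PID
            # Whole-line match: STIME such as "May 25" shifts later columns.
            if ($0 ~ /\/inetd( |$)/) inetd[$2] = 1
        }
        END {
            for (p in uid) {
                if (uid[p] == "root") continue   # maxuprc exempts the super-user
                total[uid[p]]++
                if (ppid[p] in inetd) via[uid[p]]++
            }
            for (u in total)
                if (total[u] > limit)
                    printf "%s total=%d via_inetd=%d limit=%d\n",
                           u, total[u], via[u] + 0, limit
        }
    ' | sort
}

# Constructed sample in the format shown in the post above.
sample_ps() {
    cat <<'EOF'
UID PID PPID C STIME TTY TIME COMMAND
root 1900 1 0 May 25 ? 19:19 /usr/sbin/inetd
myuser 5000 1900 0 Aug 3 ? 0:00 myproc
myuser 5001 1900 0 Aug 3 ? 0:00 myproc
myuser 5002 1900 0 Aug 3 ? 0:00 myproc
myuser 5003 1900 0 Aug 3 ? 0:00 myproc
myuser 6000 1 0 Aug 3 ? 0:00 -sh
other 7000 1 0 Aug 3 ? 0:00 -sh
EOF
}

# Demo with a limit of 3 so the small sample trips it.
sample_ps | over_maxuprc 3
```

A high `via_inetd` count for a non-root user points at an inetd.conf service entry as the source of the excess processes.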
Eric Guerizec
Frequent Advisor

Re: inetd fork without checking maxuprc

I have the answer from HP.
Use xinetd (freeware) to have more secure options. With xinetd, we can limit the number of processes.

Regards