Greetings WHT! I've searched all Websites and Newsgroups for a good example of these values:

- RLimitCPU
- RLimitMEM
- RLimitNPROC

Information on them, (short of the canned overviews) is sparse to say the least, however they do serve a useful purpose when used properly. Is anyone using these values on a large site, and if so, did you find happy medium for the above values? There are a couple of small discussions on this issue here, but nothing that really appears to be from someone that's found the optimal settings.

One host I'm on (pair), from what I can gather limits CGI processes to 30 CPU seconds, and no more than 2.5 to 3 Megs of memory per process, which results in servers that rarely crash- at least in 5 years of having a site there. As for RLimitMEM, some of the discussions here are suggesting a maximum of 20-Megs per single process? Hmm... Isn't that a little high? Who's going to use 20-megs of memory in a single CGI process?:eek:

As for RLimitNPROC, hmm... I haven't fully grasped this one yet, but any settings that are working well for someone would be appreciated :)

Any help is welcome!

Originally posted by fbsd4me

As for RLimitNPROC, hmm... I haven't fully grasped this one yet, but any settings that are working well for someone would be appreciated :)

Any help is welcome!


RLimitNPROC limits the number of times the script can run concurrently.

Matt

Thanks for the reply.

Actually, I knew what it was. It’s really a problem with not knowing, and or having a good frame of reference with what settings would work best. The few examples I did manage to find were so extreme (from one to the other), I don’t know where to begin. Generally, you can find a hundred and one examples/discussions on things like this in the News Groups, but not this time ):

Well, it all depends on your hardware specs and your configuration. Then, how much you assume is a reasonable amount. Perhaps a limit of 5 processes at any one given time for a single user is sufficient, maybe 20 would be more reasonable -- albeit, that's a lot for one site to have running at once, which could be that many all day, every moment the server is running. Conversely, perhaps you are only able to implement a global limit, in which even 20 processes probably won't be enough, but still a high limit to at least prevent the web server from crashing or crashing the server (system) too, should be implemented. It also depends on if you are using this specification globally or in each user's virtual host and using perhaps the SuEXEC CGI wrapper. That's to say, you'll not want to limit the entire web server, globally, with the same specs you want to limit individual user's to. Moreover, that Apache has so many min and max servers and start up processes, and things like PHP run as the main web server's user (and group probably too), as well as all the other user's. If you don't use a CGI wrapper, then their CGI scripts will as well -- and I'm simply trying to be clear, that if you have one user running tons of processes (httpd or CGI or PHP, etc.), that you'll hit your limit and one user can cause a lot of problems for everyone else that no longer has any chance, as all the processes are taken now, according to the configuration and limits you've enforced. Don't misunderstand me though, these limitations are good and should be used -- just consider how and what is best for your configuration and your system.


You can implement both local virtual host limits (only if it's a valid reason -- i.e., something on their Vhost will run as another user other than the global web server user (e.g., SuEXEC)), and also implement a global limit as well. Again, you might not need VH limitations, depending on your configuration, but if you can, do so as well, so one or a few user's can't take up the lot for just themselves and make other's suffer. Then, or possibly exclusively, as explained above, you add in global limits, to still keep things under control in the extreme circumstances, for things that still do run globally, like mod_perl, mod_php, etc. It just depends, so it's difficult to say or just specify the most likely or reasonable number (since none of us are familiar with your hardware specs or configuration, or what you're running). I hope that provides a little more insight, even if I wasn't able to answer the question for the above reasons. Good luck.

Really appreciate that Tim.

From everything you’re saying, I’m probably better off using the RL features (if needed at all) on individual virtual hosts when required. I’m currently running a PIII 1 Gig with 256, and a handful of users on it. Resource abuse seems to be an ongoing problem, and continues to get worse. I was just hoping I could avoid some of this headache by implementing reasonable restrictions on the servers resources. No… Nothing bad has happened yet, but I suspect it will in time :rolleyes:

Well... how about these settings? 20 to 30 CPU seconds; 3 Megs of memory, and 4 to 8 processes for a single user.

RLimitCPU 20 30
RLimitMEM 3000000
RLimitNPROC 4 8

Again, I’m not having a problem now, but I’ve read far too many posts on this forum of “HELP!!! My CPU is pinned at 9… HELP… SOMEONE!!!!” :bawling: This is the sort of pleasant scenario I’m really trying to avoid. If I can find some good settings for these RL features, I’ll have a plan in place for such a scenario:D

Thanks again!

Well, that's a decent amount/numbers, I agree, off the top of my head anyway. But, you'll surely want to give them more memory/RAM usage. 3 megs isn't a lot. I know it sounds ridiculous to assign someone 20 megs, but that's about average, actually. Apache alone on it's processes can use, on average, about ~20 megs memory. I'd cut the CPU limit down from 20 or 30 to more like 5 to 10 though, but it really depends on what people are running and what you want to allow. Are you worried about CGI being the resource hog in this scenario? Are you worried about PHP? Does PHP run as CGI? Do you use SuEXEC in your web server? If you don't use SuEXEC, then you are not going to be able to set individual limits. You have to be using SuEXEC (CGI Wrapper), and these specifications will only apply to CGI processes. It will not aply to PHP if it's a server module and runs as the web server user. So, you'll again need to set the global limits (just the same way, but higher values, of course) for the web server itself, or you risk CGI (if you don't use SuEXEC) or PHP overloading the system still (and that is only if you don't use SuEXEC or don't run PHP as CGI too). Again, if you don't use SuEXEC, you'll have no advantage or effect of putting limits in their virtual host block and you can only limit it globally -- in which case, the values are certainly going to need to be higher. I find I'm repeating myself here, sorry about that, it's been a long day. Anyway, definitely implement a high, but reasonable limit for the entire web server itself. If you do run SuEXEC, then those limits, with the changes I mentioned above (which is just my opinion, knowing nothing about your server/system), should be implemented as well. Good luck.