Web Hosting Talk

View Full Version : Here's a good one-- Name based hosting mystery


fbsd4me
04-23-2002, 11:32 PM
Well, everything’s going great. I’ve managed to set some good resource limits on everything from SSH, to crond, Mysql, and httpd. But wait! All of this works under “IP based accounts.” As soon as I create a “name based” account, the Apache Rlimit values are ignored.

I can’t understand this. If I insert the Rlimit values into an IP based container, they work. Try those same values in a name based container, and nothing! It’s a cpanel host, and the “enable SuExec” is on; not that I believe it makes a whole lot of difference in this case.

Is this a cpanel problem, or is this a general problem with the name based hosting scheme? I’m still pretty green at this, so I haven’t got it all figured out yet.

Thanks!

priyadi
04-24-2002, 06:07 AM
Work for me here. Using apache 1.3.23, but no CPanel.

fbsd4me
04-24-2002, 12:14 PM
It works for you “Globally” or on a “Per user” basis as well? A global Rlimit setting will work for name-based hosts, but try using them on a per-user basis, and they don’t—at least not for me. Since everything works as it should when using an “IP based” account, I wonder if I can forgo name-based hosting, and go the IP route?

I’m willing to entertain any options sent this way. The host is well tuned, and fairly secure against resource attacks, CPU abuse, etc. I’d really hate to trash all that as the result of name-based hosting, and yes, maybe it’s a Cpanel thing, but it would help me out if someone could verify that. If I knew the problem, maybe I could conjure a fix :)

Thanks priyadi.

Tim Greer
04-25-2002, 05:57 AM
Name based vs. IP based domains should not affect the SuEXEC CGI wrapper whatsoever, nor the limits posed. It must be something else, although I can't think of what at this moment. How do you know this is failing to work? What tests did you do? How is this set up? What limits are you using and where? Does it error, or just not work? Any information would be helpful.

priyadi
04-25-2002, 07:07 AM
I'm pretty sure my RLimit settings are inside VirtualHosts. So I guess it is a 'per user' setting, not a global setting.

You can't do IP based hosting forever, otherwise you will be running out of IPs very soon. :)

Try your RLimits with a stock Apache, see if the problem goes away.

fbsd4me
04-27-2002, 02:16 PM
I’ve used a combination of ulimit and the Apache Rlimit values to manage resources. At this point, I’ve gained control over CGI usage when being called from httpd, SSH, and crond. Ok, so here’s how the httpd stuff works. If you call a cgi script via httpd, it will allow a total of 30 CPU seconds. If it goes beyond that, it’s killed. If you try to run an intensive Mysql process, which exceeds 35 to 40 CPU seconds, that is killed as well.

Well…. It was working, but as of this moment, I can run a 3 minute Mysql process, and it’s not killed. Hehe… The CPU’s pinned at 100%. I’m not sure why this is no longer working. While a Mysql process consists of several processes, (httpd and Mysqld), Rlimit in Apache should be killing the httpd part, and thus shutting the whole process down. It won’t do that now. All my other limits (when called from) ssh, Crond, CGI, and all that are still working.

As for the name-based hosting versus IP mystery, I think I’ve found the problem to that one too. It’s sort of complicated and drawn out, so I won’t bother going into all of it here. All I can say is that it is now working on both IP and name-based virtual hosts.

Ok, so I’ve reached 60% of my objective, which is to manage server resources from most areas. What I haven’t managed yet, is to get control over ‘nobody’ and Mysqld processes. And believe me, I’ve messed with every PAM and ulimit setting you can think of. I’ve tried every trick from the Unix news groups, but no luck. Mysqld and nobody based processes can run off into the deep blue sea, and there’s no way of stopping them.

For those of you wondering why I’m riffling through every last feature on this host, here’s what I’m trying to do, and simply as a pet project: I spent 14 months using trial accounts at 16 different Cpanel based hosts. The problems I observed with these hosts were unbelievable downtime (such as you still see now); frequent restarts; malfunctioning mail systems, and almost all the ones I tested were continuously pinned in the red. Yes, we’re talking loads, which read anywhere from 1.5 upwards to 5.0 and holding. Very bad…

I attribute most of this (in my opinion) to mismanaged resources, and not really the provider’s fault, but more so because of the way Cpanel hosts are configured by default. The resulting consequence is a welcoming invitation to abusers that come in many different flavors. Just for fun, I want to see if I can address/stabilize the many issues that plague these hosts. Will I do web hosting? I don’t know yet. I’ll probably decide that (when and if) I can achieve a stable Cpanel based server. Hey, if nothing else, it’s fun, and an interesting experience ;)

Tim and priyadi, thanks for your responses so far.

priyadi
04-28-2002, 01:13 AM
Mysql is a big problem. You can limit the whole mysql process, but you can't limit a single thread. A malicious user can do full joins on ten big tables and there's nothing we can do to stop him from crashing the whole mysql process.

The only solution is to give one instance of mysqld to each user, but that would be a waste of resources.
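
As an added illustration that is not part of any post in this thread: CPU limits of the kind discussed above are per-process rlimits, set between fork() and exec() and counted in CPU seconds rather than wall-clock time, which is why they reach a CGI child but not a separately started daemon such as mysqld. The Python sketch below uses constructed workloads and hypothetical names (`run_limited`, `BUSY`, `IDLE`).

```python
import resource
import signal
import subprocess
import sys

# Constructed workloads: a busy loop (CPU-bound) and a sleeper (idle, ~0 CPU).
BUSY = "while True: pass"
IDLE = "import time; time.sleep(2)"


def run_limited(code, cpu_seconds):
    """Run `code` in a child Python under RLIMIT_CPU and report how it ended."""

    def apply_limit():
        # Executed in the child after fork() and before exec(), so only the
        # child and its descendants carry the limit; the parent is untouched.
        # Soft limit -> SIGXCPU, hard limit -> SIGKILL. Keep the hard limit
        # above the soft one so the observable signal is SIGXCPU.
        _, cur_hard = resource.getrlimit(resource.RLIMIT_CPU)
        hard = cpu_seconds + 5
        if cur_hard != resource.RLIM_INFINITY:
            hard = min(hard, cur_hard)  # an unprivileged process cannot raise it
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, hard))

    proc = subprocess.Popen([sys.executable, "-c", code], preexec_fn=apply_limit)
    rc = proc.wait()
    if rc < 0:  # negative return code means "terminated by signal -rc"
        return "killed by " + signal.Signals(-rc).name
    return "exit %d" % rc


if __name__ == "__main__":
    before = resource.getrlimit(resource.RLIMIT_CPU)
    # CPU-bound child hits the 1-second soft limit and is terminated.
    print("busy child:", run_limited(BUSY, 1))
    # Idle child runs for 2 wall-clock seconds but burns almost no CPU.
    print("idle child:", run_limited(IDLE, 1))
    # The limit never applied to this (parent) process.
    print("parent limit unchanged:",
          resource.getrlimit(resource.RLIMIT_CPU) == before)
```
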

fbsd4me
04-28-2002, 01:22 AM
Hmm... There was an incident here at pair not too long ago where some pea brain borked the Mysql server for several nights before they nailed him. Apparently, he was running some sort of process, which from what I could gather was processing his entire server logs-- something, which is strictly forbidden on the db servers there.

I tried something like that here as an experiment. Wow... I held the server at 2.3 for almost 4 minutes. If that was a real-life situation, I would have a lot of angry customers at me. Man... There has to be something we can do about that. There was a time we could leave everything wide open, but I think that time is coming to a fast end-- at least if you want a stable environment of some sort.

I guess it's the same story on 'nobody' based processes too huh?

Thanks priyadi.