Quote:
Originally posted by jic
Is it possible to limit the % of system usage a CGI uses. I know some people have memory / processor hogging CGI's that lag up a system. Please let me know anyway you guys have gotten around this problem.
We are running Apache / Slackware Linux
Thanks,
James R. Clark II
Nethosters Inc.
|
Yes, have the user's CGI scripts run as their own user and group by using Apache with the SuEXEC feature. This is safer and allows you to have more control over the user's processes. The user's can set the permissions on their executable scripts and files that are created, written to or the like to 700, rathe than 755. Since only their user can read, write and execute the file in question, no one else, even in their same group can execute it.
SuEXEC does security checks as well, which might make some people's scripts error (but only if they have them set up improperly with ownership or permission problems), which should fail anyway, at that point. There's other advantages as well, too many to list at this time of night.
Anyway, go to
http://httpd.apache.org/docs/mod/directives.html
and search for the words: RLimitMEM, RLimitCPU and RLimitNPROC. That will explain it pretty well if you're at all familiar with Apache Directives. Be sure to put them in each VirtualHost block though, for each user. And, be sure their scripts are running with the SuEXEC wrapper and as their user and group.
Linear Mode
