Results 1 to 9 of 9
  1. #1
    Join Date
    Jul 2009
    Posts
    55

    Question [suPHP] limit number of processes per uid

    Hi there,

    I've been playing with suPHP now for some time and all seems to work well. However, something I've been trying for some time now is to limit the number of simulaneous php processes per UID running at any given time. I would like to prevent customers from running more than x scripts at once but have failed to see how this can be done (with our without the help of suPHP).

    If this is not possible with suPHP, would this be an interesting feature for future releases (if implementable at all)?

    How HostGator is limiting the processes to 25 (http://www.webhostingtalk.com/showthread.php?t=736602)?

    Any comments/thoughts on this?

    Thanks.

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    http://www.cpanel.net/apps/easyapache/custom.html

    SuPHP PAM patch - This module allows you to use limits (/etc/security*.conf) with SuPHP. More information about the patch can be found here.
    download: custom_opt_mod-suphp_pam_patch.tar.gz
    You need to install that module with easyapache. You can then utlize pam rlimits to limit users.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Join Date
    May 2001
    Posts
    1,349
    I've installed the patch and compiled it via EasyApache. But it doesn't seem to be working. There were no errors reported and Apache still works fine. The limit works when I use ssh and log in as the user though, just not via the web.

    This is what I put in /etc/security/limits.conf :
    bobble hard nproc 1

    bobble is the username I want to restrict.

    Any tips and hints on how to get it to work? And Steven, I've sent you PMs and also filled out the form at your site, but never get any replies. Are you closed for business?

  4. #4
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    I'm not sure if you are using a firewall or not but ConfigServer Firewall allows you to configure process monitoring (number of processes, running time, and memory usage). I have my server limited to 10 processes per user with each process limited to 15 minutes and 200MB of RAM and any processes that exceed those limits are killed. Hope that helps.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  5. #5
    Join Date
    Dec 2004
    Location
    N/A
    Posts
    185
    I have my server limited to 10 processes per user with each process limited to 15 minutes and 200MB of RAM and any processes that exceed those limits are killed. Hope that
    Is this being killed with CSF?
    Support is OFFLINE

  6. #6
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Yes, just make sure you don't have it scanning all user processes or else it might kill system processes causing you some headaches. Also, I want to correct my previous post: it doesn't kill selective processes like I made it sound, it kills all processes by that user.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  7. #7
    Join Date
    Dec 2004
    Location
    N/A
    Posts
    185
    Quote Originally Posted by ZKuJoe View Post
    Yes, just make sure you don't have it scanning all user processes or else it might kill system processes causing you some headaches. Also, I want to correct my previous post: it doesn't kill selective processes like I made it sound, it kills all processes by that user.
    Thanks buddy I enabled this on few servers and its doing well. But I'm worried that this would overload exim on large servers while mail alerts are enabled. Does this log to any file if I disable the email alerts?

    On large servers I get about 500 kills for 30 min while the server is running at high load (since processors take long time to execute while at high load) and no or only few kills while server runs at low load. This seems to be a perfect solution
    Support is OFFLINE

  8. #8
    Join Date
    May 2001
    Posts
    1,349
    Is it possible to have exceptions? Like users that are allowed to exceed limits?

  9. #9
    Join Date
    Dec 2004
    Location
    N/A
    Posts
    185
    Yes you can ignore any user but I don't think users can have their own limits. I guess that's bit of a problem

    Try this link;

    http://forum.configserver.com/showthread.php?t=2059
    Support is OFFLINE

Similar Threads

  1. suPHP + CGI PHP and Zombie processes
    By DevMonkey in forum Hosting Security and Technology
    Replies: 3
    Last Post: 05-28-2009, 07:50 PM
  2. limit exim processes
    By almahdi in forum Hosting Security and Technology
    Replies: 2
    Last Post: 10-06-2005, 07:24 PM
  3. How to limit the amount of exim processes ??
    By thomas.smith in forum Hosting Security and Technology
    Replies: 2
    Last Post: 02-04-2005, 06:28 AM
  4. Number of Processes
    By xp101 in forum Hosting Security and Technology
    Replies: 3
    Last Post: 03-04-2004, 09:00 PM
  5. Limit Number of Processes and Reduce Load Average
    By xp101 in forum Dedicated Server
    Replies: 39
    Last Post: 02-28-2004, 03:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •