Results 1 to 9 of 9
-
09-22-2009, 08:35 PM #1Junior Guru Wannabe
- Join Date
- Jul 2009
- Posts
- 55
[suPHP] limit number of processes per uid
Hi there,
I've been playing with suPHP now for some time and all seems to work well. However, something I've been trying for some time now is to limit the number of simulaneous php processes per UID running at any given time. I would like to prevent customers from running more than x scripts at once but have failed to see how this can be done (with our without the help of suPHP).
If this is not possible with suPHP, would this be an interesting feature for future releases (if implementable at all)?
How HostGator is limiting the processes to 25 (http://www.webhostingtalk.com/showthread.php?t=736602)?
Any comments/thoughts on this?
Thanks.
-
09-22-2009, 08:54 PM #2Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
http://www.cpanel.net/apps/easyapache/custom.html
SuPHP PAM patch - This module allows you to use limits (/etc/security*.conf) with SuPHP. More information about the patch can be found here.
download: custom_opt_mod-suphp_pam_patch.tar.gzSteven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
06-18-2010, 10:41 PM #3Web Hosting Master
- Join Date
- May 2001
- Posts
- 1,349
I've installed the patch and compiled it via EasyApache. But it doesn't seem to be working. There were no errors reported and Apache still works fine. The limit works when I use ssh and log in as the user though, just not via the web.
This is what I put in /etc/security/limits.conf :
bobble hard nproc 1
bobble is the username I want to restrict.
Any tips and hints on how to get it to work? And Steven, I've sent you PMs and also filled out the form at your site, but never get any replies. Are you closed for business?
-
06-18-2010, 10:49 PM #4Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
I'm not sure if you are using a firewall or not but ConfigServer Firewall allows you to configure process monitoring (number of processes, running time, and memory usage). I have my server limited to 10 processes per user with each process limited to 15 minutes and 200MB of RAM and any processes that exceed those limits are killed. Hope that helps.
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
-
06-19-2010, 02:01 AM #5Junior Guru
- Join Date
- Dec 2004
- Location
- N/A
- Posts
- 185
I have my server limited to 10 processes per user with each process limited to 15 minutes and 200MB of RAM and any processes that exceed those limits are killed. Hope thatSupport is OFFLINE
-
06-19-2010, 03:25 AM #6Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Yes, just make sure you don't have it scanning all user processes or else it might kill system processes causing you some headaches. Also, I want to correct my previous post: it doesn't kill selective processes like I made it sound, it kills all processes by that user.
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
-
06-20-2010, 10:36 PM #7Junior Guru
- Join Date
- Dec 2004
- Location
- N/A
- Posts
- 185
Thanks buddy I enabled this on few servers and its doing well. But I'm worried that this would overload exim on large servers while mail alerts are enabled. Does this log to any file if I disable the email alerts?
On large servers I get about 500 kills for 30 min while the server is running at high load (since processors take long time to execute while at high load) and no or only few kills while server runs at low load. This seems to be a perfect solutionSupport is OFFLINE
-
06-21-2010, 01:53 AM #8Web Hosting Master
- Join Date
- May 2001
- Posts
- 1,349
Is it possible to have exceptions? Like users that are allowed to exceed limits?
-
06-21-2010, 03:00 AM #9Junior Guru
- Join Date
- Dec 2004
- Location
- N/A
- Posts
- 185
Yes you can ignore any user but I don't think users can have their own limits. I guess that's bit of a problem
Try this link;
http://forum.configserver.com/showthread.php?t=2059Support is OFFLINE
Similar Threads
-
suPHP + CGI PHP and Zombie processes
By DevMonkey in forum Hosting Security and TechnologyReplies: 3Last Post: 05-28-2009, 07:50 PM -
limit exim processes
By almahdi in forum Hosting Security and TechnologyReplies: 2Last Post: 10-06-2005, 07:24 PM -
How to limit the amount of exim processes ??
By thomas.smith in forum Hosting Security and TechnologyReplies: 2Last Post: 02-04-2005, 06:28 AM -
Number of Processes
By xp101 in forum Hosting Security and TechnologyReplies: 3Last Post: 03-04-2004, 09:00 PM -
Limit Number of Processes and Reduce Load Average
By xp101 in forum Dedicated ServerReplies: 39Last Post: 02-28-2004, 03:25 AM