4

I noted that in /etc/security/limits.conf, the limits are configured on a per-user basis (or per-group basis), for example: `@faculty hard nproc 50`

I assume that it is setrlimit that does the work to set limits, but setrlimit works on a process basis, that is, it only sets resource limits on its calling process. Since it can't set limits on a user, how can the OS honor resource limits configured in limits.conf?

Another question: if a certain process exceeds its resource quota, will it be killed? If so, by what signal? Thank you.

wangshuaijie

3 Answers

4

As already answered, the OS honors user limits per process, not per user.

Should you want the limits to apply to all processes belonging to a user, you can use control cgroups:

http://en.wikipedia.org/wiki/Cgroups

jlliagre
  • Good advice, this reminds me that I've just attended a lecture about cgroup; IBM's load leveller has been built on cgroup to enforce user resource control. – wangshuaijie Mar 20 '12 at 02:30
  • Here is also an article about cgroups: http://www.oracle.com/technetwork/articles/servers-storage-admin/resource-controllers-linux-1506602.html – jlliagre Mar 24 '12 at 13:41
3

You can set hard and soft limits, per user/group. To be able to change its own hard limit the process needs to be privileged (root). What happens when a process attempts to exceed its soft limit depends on the resource:

  1. data limit - malloc and new would fail
  2. open files - creation of a file descriptor fails (open, creat, socket, accept, etc.)
  3. core - core file would be truncated
  4. file size - SIGXFSZ is delivered to the offending thread
  5. stack - SIGSEGV is delivered to the offending thread
  6. etc.

Look at the setrlimit man page for more information.

In limits.conf you assign limits per process for a specified user/group. So if you set a 10MiB stack limit for user X, it means that each and every process executed with user X credentials has a 10MB stack limit set. It is not a limit that describes 'a sum of resources' for all processes owned by user X.

sirgeorge
  • Thanks for your reply, maybe I need to state my question more clearly. E.g. I have a user A, and I want to set his/her rss limit to 100k, but you know setrlimit can only set a limit on a process, so if user A forks 3 processes, each calling setrlimit to set its rss limit to 100K, but since user A has 3 processes, his/her rss consumption is 300k, well exceeding the limit I posed on this user. So I wonder how the OS guarantees that the user can't consume more resources than indicated in limits.conf? – wangshuaijie Mar 19 '12 at 06:41
  • Ok, maybe I should be more precise too :) In limits.conf you assign limits *per process* for a specified user/group. So if you set a 10MB stack limit for user X, it means that *each and every process* executed with user X credentials has a 10MB stack limit set. – sirgeorge Mar 19 '12 at 06:47
  • @sirgeorge Any citation for the per-process limit even in `limits.conf`? Somehow the docs I've stumbled into aren't specific about this. – Pavan Manjunath Mar 19 '12 at 07:21
  • @Pavan Manjunath: It is difficult to find it written explicitly, but since all limits are per process, you can figure it out (or check it yourself). These values are the "default" or starting values for per process limits. The closest citation (still not perfect) is here: http://ss64.com/bash/limits.conf.html : "The values specified with this token can be thought of as default values, for normal system usage." – sirgeorge Mar 19 '12 at 07:27
0

From man setrlimit

RLIMIT_NPROC The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process. Upon encountering this limit, fork(2) fails with the error EAGAIN.

As you can see, setrlimit can set limits on the user of the calling process. So it can set limits on a user through the calling process of that user.

To your second question, in a few instances, the kernel does not allow a process to exceed its limit in the first place. In the above example, fork() itself fails rather than killing the calling process after allocating more resources. In some instances, for example in CPU usage, when the process exceeds its SOFT_LIMIT, a SIGXCPU is sent. And when it exceeds its HARD_LIMIT, SIGKILL is sent.

Pavan Manjunath
  • What about other limits? E.g. cpu, memory, AS, or so, how can the OS enforce these? Or does the OS collect the memory usage of all the processes belonging to a certain user? – wangshuaijie Mar 19 '12 at 06:31
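
The behaviour described in the answers above can be checked directly. The following is an added example, not code from any of the answers: it lowers soft limits inside forked children to show that a limit belongs to the process and is inherited across fork, that exceeding the open-files limit makes the call fail, and that exceeding the file-size limit delivers SIGXFSZ. The helper names and the values 16, 32 and 4096 are assumptions for the demo; it expects Linux and CPython.

```python
# Added example: helper names and the limit values 16/32/4096 are illustrative.
import errno, os, resource, signal, tempfile

def run_in_child(fn):
    """Fork, run fn() in the child, and return the child's wait status."""
    pid = os.fork()
    if pid == 0:
        try:
            code = fn()
        except BaseException:
            code = 99
        os._exit(code)
    return os.waitpid(pid, 0)[1]

def lower_soft(which, value):
    """Lower only the calling process's soft limit (needs no privilege)."""
    resource.setrlimit(which, (value, resource.getrlimit(which)[1]))

def child_inherits_limit():
    # A limit set here is copied into the process we fork next.
    lower_soft(resource.RLIMIT_NOFILE, 32)
    check = lambda: int(resource.getrlimit(resource.RLIMIT_NOFILE)[0] != 32)
    return os.WEXITSTATUS(run_in_child(check))

def exceed_nofile():
    # Open files: the call creating the descriptor fails; no signal is sent.
    lower_soft(resource.RLIMIT_NOFILE, 16)
    try:
        while True:
            os.open("/dev/null", os.O_RDONLY)  # descriptors deliberately leaked
    except OSError as e:
        return 0 if e.errno == errno.EMFILE else 1

def exceed_fsize():
    # File size: SIGXFSZ is delivered. CPython ignores that signal at startup,
    # so restore the default action to see what a plain C program would see.
    signal.signal(signal.SIGXFSZ, signal.SIG_DFL)
    lower_soft(resource.RLIMIT_CORE, 0)        # do not leave a core file behind
    lower_soft(resource.RLIMIT_FSIZE, 4096)
    with tempfile.TemporaryFile(buffering=0) as f:
        for _ in range(2):                     # second write starts at the limit
            f.write(b"x" * 4096)
    return 0                                   # reached only if not enforced

if __name__ == "__main__":
    for fn in (child_inherits_limit, exceed_nofile, exceed_fsize):
        st = run_in_child(fn)
        print(fn.__name__, "signal %d" % os.WTERMSIG(st) if os.WIFSIGNALED(st)
              else "exit %d" % os.WEXITSTATUS(st))
```

The parent's own RLIMIT_NOFILE is the same before and after the run, because every setrlimit call happened in a child.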