[How to] Limiting server's resource usage via limits.conf

Started by Xhanch Studio, March 08, 2011, 07:35:19 AM

previous topic - next topic
Go Down

Xhanch Studio

March 08, 2011, 07:35:19 AM Last Edit: March 08, 2011, 07:38:08 AM by Xhanch Studio
Limiting server resource usage (especially user processes) is essential and very important for running a stable system/server especially when a web server is used by several users (for shared hosting or personal use). The server resource includes memory, CPU usage time, number of process and many more.

For a server that is used by several users, it is very recommended to limit resource usage per user in order to prevent resource outage that will affect the other users. By limiting resource usage per user, you can keep other websites up when a website is trying to use lots of server resource. If you are not doing this, your web server can be totally down only caused by processes that belong to a user or several users. Of course this is not fair for the other users.

As another benefit, this will prevent server attacks such as fork bomb attack, abnormal huge traffic (can be DDoS attack), and so on that will use up your resource to 100% and cause your web server down.

Here is how to limit server resource usage?

To limit server resource usage for a user, you need to edit /etc/security/limits.conf to add usage/limit rules for a user name or group or several/all users. You may type nano /etc/security/limits.conf when you use SSH.
Understanding limits.conf file

Quote<domain> can be:
    - an user name
    - a group name, with @group syntax
    - the wildcard *, for default entry
    - the wildcard %, can be also used with %group syntax, for maxlogin limit

<type> can have the two values:
    - "soft" for enforcing the soft limits
    - "hard" for enforcing hard limits

<item> can be one of the following:
    - core â€" limits the core file size (KB)

<value> can be one of the following:
    - core â€" limits the core file size (KB)
    - data â€" max data size (KB)
    - fsize â€" maximum filesize (KB)
    - memlock â€" max locked-in-memory address space (KB)
    - nofile â€" max number of open files
    - rss â€" max resident set size (KB)
    - stack â€" max stack size (KB)
    - cpu â€" max CPU time (MIN)
    - nproc â€" max number of processes
    - as â€" address space limit
    - maxlogins â€" max number of logins for this user
    - maxsyslogins â€" max number of logins on the system
    - priority â€" the priority to run user process with
    - locks â€" max number of file locks the user can hold
    - sigpending â€" max number of pending signals
    - msgqueue â€" max memory used by POSIX message queues (bytes)
    - nice â€" max nice priority allowed to raise to
    - rtprio â€" max realtime priority
    - chroot â€" change root to directory (Debian-specific)


Code Select
example hard nproc 200
#prevent example to run more than 200 processes
@ruby hard nproc 75
#prevent anyone in the ruby group from having more than 75 processes
Best Regards,
Susanto B.Sc
Web development services, WordPress plugin and theme development, PSD to XHTML conversion - http://xhanch.com
Read free manga online - http://authrone.com

Go Up