[How to] Limiting server's resource usage via limits.conf

Started by Xhanch Studio, March 08, 2011, 07:35:19 AM

previous topic - next topic
Go Down

Xhanch Studio

March 08, 2011, 07:35:19 AM Last Edit: March 08, 2011, 07:38:08 AM by Xhanch Studio
Limiting server resource usage (especially user processes) is essential and very important for running a stable system/server especially when a web server is used by several users (for shared hosting or personal use). The server resource includes memory, CPU usage time, number of process and many more.

For a server that is used by several users, it is very recommended to limit resource usage per user in order to prevent resource outage that will affect the other users. By limiting resource usage per user, you can keep other websites up when a website is trying to use lots of server resource. If you are not doing this, your web server can be totally down only caused by processes that belong to a user or several users. Of course this is not fair for the other users.

As another benefit, this will prevent server attacks such as fork bomb attack, abnormal huge traffic (can be DDoS attack), and so on that will use up your resource to 100% and cause your web server down.


Here is how to limit server resource usage?

To limit server resource usage for a user, you need to edit /etc/security/limits.conf to add usage/limit rules for a user name or group or several/all users. You may type nano /etc/security/limits.conf when you use SSH.
Understanding limits.conf file

Quote<domain> can be:
    - an user name
    - a group name, with @group syntax
    - the wildcard *, for default entry
    - the wildcard %, can be also used with %group syntax, for maxlogin limit

<type> can have the two values:
    - "soft" for enforcing the soft limits
    - "hard" for enforcing hard limits

<item> can be one of the following:
    - core ââ,¬â€œ limits the core file size (KB)

<value> can be one of the following:
    - core ââ,¬â€œ limits the core file size (KB)
    - data ââ,¬â€œ max data size (KB)
    - fsize ââ,¬â€œ maximum filesize (KB)
    - memlock ââ,¬â€œ max locked-in-memory address space (KB)
    - nofile ââ,¬â€œ max number of open files
    - rss ââ,¬â€œ max resident set size (KB)
    - stack ââ,¬â€œ max stack size (KB)
    - cpu ââ,¬â€œ max CPU time (MIN)
    - nproc ââ,¬â€œ max number of processes
    - as ââ,¬â€œ address space limit
    - maxlogins ââ,¬â€œ max number of logins for this user
    - maxsyslogins ââ,¬â€œ max number of logins on the system
    - priority ââ,¬â€œ the priority to run user process with
    - locks ââ,¬â€œ max number of file locks the user can hold
    - sigpending ââ,¬â€œ max number of pending signals
    - msgqueue ââ,¬â€œ max memory used by POSIX message queues (bytes)
    - nice ââ,¬â€œ max nice priority allowed to raise to
    - rtprio ââ,¬â€œ max realtime priority
    - chroot ââ,¬â€œ change root to directory (Debian-specific)



Examples

Code Select
example hard nproc 200
#prevent example to run more than 200 processes
@ruby hard nproc 75
#prevent anyone in the ruby group from having more than 75 processes
Best Regards,
Susanto B.Sc
----------------------------------------------------------------------------
Web development services, WordPress plugin and theme development, PSD to XHTML conversion - http://xhanch.com
Read free manga online - http://authrone.com

Go Up