This is untested, but my reading of the manpages leads me to believe that this trivial fork bomb would be stopped dead by a simple inclusion of `ulimit -Hu 100` in /etc/profile .
À propos /etc/profile: is it *always* sure, that limits set in this file will be applied, or can a user avoid its execution by other means (changing defaultshell, at- or cron-job, ...) ? Peter
It is _not_ ensured.
For cron and at you'd need to run the respective daemons with the limits
already. They inherit their limit to their children.
Also, if you run a command like this:
ssh remotehost -l remoteuser do_nasty_things
then /etc/profile isn't read as well. So the whole thing is a bit tricky
to come by. As Sebastian pointed out already: userdel is your friend. If
that doesn't work with your business model, user very restrictive methods
to get rid of such people. Real BOFHs know some methods...
Thanks,
Roman.
--
- -
| Roman Drahtmüller