On 2/3/06, James Wright
> Steve Graegert wrote:
>> 1. /etc/security/limits.conf tells the kernel what and how much resources a user/group can use on a particular system. It can be seen as a quota
>
> I have a couple of questions on this. The /etc/security/limits.conf file and the ulimit seem to only limit the number of processes per user. Can you also limit the number of processes that this system itself is allowed to concurrently run?

No, I don't think so. /etc/security/limits.conf allows per-user settings only. It is possible to limit the number of processes for all users. Simply add * U 128 to limits.conf. It won't allow any user to create more than 256 processes.

> (OT, or is there a way to create a white list of allowed processes?).

No.

> Also, are changes to the limits.conf file immediate, or does a service need to be restarted for any changes to take effect?

Yes, a reboot is required.

> You could create a script that oversees requests for processes, checks the request against a white list, then updates the limits.conf file to allow an additional process. Is this a good idea, or is my logic flawed?

It won't work since limits.conf is only read once. See previous answer.

\Steve
--
Steve Graegert
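
An added example, not part of the original message: a small audit helper that reads a limits.conf-style file and reports which nproc (process count) limit it assigns to a given user. The function names and the sample file are constructed for illustration, and the precedence model is a simplified assumption: only `<user>` and `*` domains are evaluated, a user entry overrides `*`, and group entries are skipped.

```shell
#!/bin/sh
# Added example: report the nproc limit a limits.conf-style file assigns to a user.
# Simplified model (assumption): only "<user>" and "*" domains are evaluated;
# @group and %group entries are skipped.

# nproc_limit FILE USER TYPE   (TYPE is "soft" or "hard")
# Prints the value, or "unset" when no entry applies.
nproc_limit() {
    awk -v user="$2" -v want="$3" '
        { sub(/#.*/, "") }                 # strip comments
        NF != 4 || $3 != "nproc" { next }  # need: domain type item value
        $2 != want && $2 != "-" { next }   # "-" sets both soft and hard
        $1 == user { uval = $4 }           # later line wins at the same level
        $1 == "*" && user != "root" { dval = $4 }  # "*" is not applied to root
        END {
            if (uval != "") print uval
            else if (dval != "") print dval
            else print "unset"
        }' "$1"
}

# Constructed sample file, not taken from any real system.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# <domain> <type> <item> <value>
*        hard   nproc  256
*        soft   nproc  128
build    -      nproc  1024
@devs    hard   nproc  512     # group entry: skipped by this sketch
alice    hard   nofile 4096    # different item: ignored
EOF
    printf '%s\n' "$f"
}

# Demo run on the constructed sample.
sample=$(make_sample) && nproc_limit "$sample" alice hard && rm -f "$sample"
```

Comparing the reported value with `ulimit -Hu` inside a session of that user shows whether the configured cap is the one actually in force.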