Yo,
To effectively prevent such 'attacks', use the "userdel" program which was wriiten for such purposes.
Yeah, Disconnect power is just as usefull.
From the man page:
CAVEATS userdel will not allow you to remove an account if the user is currently logged in. You must kill any running processes which belong to an account that you are delet- ing. I think this one is too easy and something should be done, specially if "this one is rather old". I've not heard one single argument why this couldn't and shouldn't be fixed. If the kernel is killing processes it might just as well try to locate the offending PID and kill that tree (childs included). I wouldn't care if the kernel temporarily halted all user processes for a few seconds while it sat down and thought about something effective. A procedure could be: 1) Detect resource depletion 2) prevent any user-process resource consumption 3) Count that resource for all pid's 4) Add the resource count of all childs to the parent (and again, all the way to the root) 5) Walk the parent -> child tree and look for one PID that suddenly has more than 50% of the resource 6) Kill that process tree 7) Resume normal operation Or something... CIAO, Peter