I administer a couple of systems with up to 700 shell account users. Lately I am experiencing local "DoS" attacks so to speak, which aren't malicious, just basically resultant of some users with heavy mail load running spamassassin out of their procmailrc files. (I already run spamassassin daemonised globally, but they need it for other purposes). The result is processor queues (wrongly termed "cpu load") of 50 entries per entity and thus a system that's unusable and most likely stays so because it doesn't catch up with mail.
To make a long story short, I need a way to control how processor time is shared between users. I have inspected limit/ulimit and pam_limits, but neither cputime nor nproc will do what I want. At least I don't think so. I'd love to be proven wrong. I know that some of you must be in the same position. Would you care to share your approach with me? Also, are there other approaches, kernel patches, or cpuquota tools beside pam_limits? Thanks, -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
pgp00000.pgp
Description: PGP signature