> I am working on some resource limit stuff and would like to be > able to use login.conf to restrict the number of cgi processes that > certain users can run. Unfortunately, the proprietary cgi product we use > is owned by root and suid's to the user who owns the script that it is > called to run. (This is not what I would call a "good idea," but it's what > I have to work with.) > > I've created a login class with the appropriate permissions, and > if I put a test user in that class and test its limits with normal system > processes (like ls, sleep, etc.) it follows all the rules. However when I > start miva (proprietary cgi) processes for scripts owned by that user, it > ignores the limits, presumably because the process starts its life as > root. > > Soooo, the question is, how can I do what I want to do, and if I > can't do it with login.conf does anyone have any other suggestions? > Specifically I need to restrict the amount of ram and the number of > processes on a per user basis. I'm working on a -current system, but I > don't think this issue bears directly on -current. You need to pester the vendor to correctly switch limits when they switch UIDs. Alternatively, if this is unlikely _and_ the application is dynamically linked, you could produce a library containing patched set*id functions and force it into the app using LD_PRELOAD. -- \\ The mind's the standard \\ Mike Smith \\ of the man. \\ [EMAIL PROTECTED] \\ -- Joseph Merrick \\ [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
