[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
>In order to protect a Linux and a Solaris server from fork bombs I
>decided to impose some limits (via ulimit (bash) or limit (tcsh)). On the
>Linux machine there were no problems. On the Solaris I found out that
>there is no such resource as number of processes per user. (in
>/usr/include/sys/resource.h).
>Does any of you know any workaround? How can a Solaris machine be
>protected from a fork bomb?
The Solaris FAQ says:

7.3) How can I restrict the number of processes per user?

    Set the following in /etc/system:

        set maxuprc = <num>

7.4) What purpose does the maxusers variable serve?

    The maxusers variable has nothing to do with the number of
    users allowed on a system. It's one big knob that scales a number
    of other parameters simultaneously. The standard settings and
    derivations are more or less as follows, using /etc/system syntax:

        * The big knob, scales automatically
        set maxusers = <amount of available physical memory in MB>

        * Maximum number of allowable processes; currently at most 30000
        set max_nprocs = 10 + 16 * maxusers

        * Max processes per user (5 are reserved for the super user)
        set maxuprc = max_nprocs - 5;

        * Number of quota structures (need one per user per filesystem
        * w/ quotas)
        set ndquot = maxusers * NMOUNT / 4 + max_nprocs

        * Maximum size of the directory name lookup cache (DNLC)
        set ncsize = 4 * (max_nprocs + maxusers) + 320
        set ufs_ninode = ncsize

--- end of excerpt from the FAQ
Questions marked with a * or + have been changed or added since
the FAQ was last posted
The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
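
The following shell functions are an added example, not part of the original posting or the FAQ. They apply the FAQ's quoted formulas to show that the default maxuprc leaves a single user almost the entire process table, and they print the /etc/system line for an explicit lower cap. The function names, the 64 MB figure and the cap of 100 are assumptions, and treating 30000 as a ceiling on max_nprocs is a reading of the FAQ's comment.

```shell
#!/bin/sh
# Added example: formulas are the ones quoted in the FAQ excerpt above;
# function names and sample figures are constructed for illustration.

# max_nprocs = 10 + 16 * maxusers, with 30000 applied as a ceiling
# (assumption based on the FAQ comment "currently at most 30000").
default_max_nprocs() {
    n=$((10 + 16 * $1))
    if [ "$n" -gt 30000 ]; then
        n=30000
    fi
    echo "$n"
}

# Default maxuprc = max_nprocs - 5 (5 slots are reserved for the super user).
default_maxuprc() {
    echo $(( $(default_max_nprocs "$1") - 5 ))
}

# Print "set maxuprc = <cap>" when the cap is a positive integer no larger
# than the default for this maxusers value; otherwise explain and return 1.
etc_system_line() {
    maxusers=$1
    cap=$2
    case "$cap" in
        ''|*[!0-9]*) echo "cap must be a positive integer" >&2; return 1 ;;
    esac
    limit=$(default_maxuprc "$maxusers")
    if [ "$cap" -lt 1 ] || [ "$cap" -gt "$limit" ]; then
        echo "cap $cap is outside 1..$limit" >&2
        return 1
    fi
    echo "set maxuprc = $cap"
}

# Constructed sample: a 64 MB machine, capping each user at 100 processes.
echo "default max_nprocs: $(default_max_nprocs 64)"
echo "default maxuprc:    $(default_maxuprc 64)"
etc_system_line 64 100
```

With the defaults, the per-user limit sits only 5 below the system-wide limit, so one runaway account can still fill the process table; the explicit cap is what contains it.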