Hello,
I need to set a higher priority for sshd and sshguard processes, but I can’t find a way. On my server, there are 2 types of users (faculty and student with corresponding groups) plus the root. Moreover, I need a realtime group.
Users from group faculty (also student, if needed) need to be able to ssh even if the server RAM is almost full.
Here is my limits.conf:
Code:
root soft priority -15
@faculty soft priority -5
@student soft priority 0
@realtime soft priority -10
root hard nice -20
@faculty hard nice -10
@student hard nice -5
@realtime hard nice -15
@faculty hard nofile 16384
@faculty soft nofile 16384
@realtime soft rtprio 99
@realtime soft memlock 500000
However, at startup processes from faculty run with default priority 10 and niceness -10, while root processes run with default priority 20 and niceness 0.
How can I make root processes run with default priority lower than other groups?
Probably you need to rebuild or even patch the kernel to achieve support for real-time processes. Higher priority for a daemon process? Why do you need that? Something with the ssh connection? Do you have thousands of ssh connections per second?
The server is mainly used for scientific experiments and it happens that some user fills the RAM, making it impossible to log in. I'm still trying to set up nohang or another oom-killer properly, but in the meanwhile, it would be useful to be able to access the server when problems occur, so that I can understand why nohang is not killing processes...
In general, I want to be able to access the server in any circumstance, because it's almost the only way to log in.
There is a quota system - at least for storage - maybe there are quotas for memory and other resources. Maybe try to ask for batch mode rather than interactive - someone can run their app - at night? But I don't see how lack of RAM may influence system response. The system is using swap. Stacking - procedure calls - can dramatically slow the system. Is this behavior something new? Keep an open connection all the time. As a common user. You can always sudo or su.
Quote:
The server is mainly used for scientific experiments and it happens that some user fills the RAM, making it impossible to log in.
Then fix the problem, not the symptom.
Trying to define in advance what (who) can be not killed is likely to get political. I take the opposite approach in a different environment. When I'm doing benchmarks, everything other than my terminal session runs in a single control group with the resources I define. I get the rest (not much but enough) to ensure I can monitor uninterrupted. You could do similar, and as suggested above, keep your ssh session active but disconnected so you can re-connect later when you need to investigate. Won't help anyone else but in the investigation stage that's probably what's needed.
Like I said, politics means the world is likely to crash down on you if this gets out. :shrug:
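The control-group approach from the post above, narrowed to the case the original poster describes (a single user filling the RAM), as an added example that is not part of the thread. It assumes systemd on cgroup v2, where each logged-in user's processes run in `user-<UID>.slice`; the reserve size, staging directory and admin UID are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes systemd on cgroup v2, where
# each logged-in user's processes live in user-<UID>.slice.

# Print the per-user ceiling in MiB: MemTotal minus a reserve kept back for
# the system and the administrator. $1 = meminfo file, $2 = reserve in MiB.
user_cap_mib() {
    total_kib=$(awk '/^MemTotal:/ {print $2}' "$1")
    [ -n "$total_kib" ] || return 1
    cap=$(( total_kib / 1024 - $2 ))
    [ "$cap" -gt 0 ] || return 1      # reserve larger than RAM: refuse
    echo "$cap"
}

# Stage the drop-ins under $1 instead of /etc/systemd/system, so the result
# can be reviewed first. $2 = cap in MiB, $3 = UID of the exempt admin.
stage_dropins() {
    root=$1; cap=$2; admin_uid=$3
    mkdir -p "$root/user-.slice.d" "$root/user-$admin_uid.slice.d"
    # Applies to every user-<UID>.slice.
    cat > "$root/user-.slice.d/50-memory.conf" <<EOF
[Slice]
# Above this the user's processes are throttled and reclaimed from first
MemoryHigh=$(( cap * 9 / 10 ))M
# Hard ceiling; exceeding it triggers the OOM killer inside this slice only
MemoryMax=${cap}M
EOF
    # Same file name further down the prefix hierarchy overrides the one above.
    cat > "$root/user-$admin_uid.slice.d/50-memory.conf" <<EOF
[Slice]
MemoryMax=infinity
EOF
}

# Constructed sample: a 16 GiB machine, 1 GiB held back, admin UID 1000.
demo() {
    dir=$(mktemp -d)
    printf 'MemTotal:       16777216 kB\nMemFree:          204800 kB\n' > "$dir/meminfo"
    cap=$(user_cap_mib "$dir/meminfo" 1024) || return 1
    stage_dropins "$dir/staged" "$cap" 1000
    cat "$dir/staged/user-.slice.d/50-memory.conf"
    rm -rf "$dir"
}
demo
```

After review, the staged directories go under `/etc/systemd/system/` and take effect after `systemctl daemon-reload`. The cap is per user, so several users together can still exhaust memory.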
Quote:
Originally Posted by fortea
The server is mainly used for scientific experiments and it happens that some user fills the RAM, making it impossible to log in.
renice(1) might be used to tweak the scheduling priority of the sshd process. But this is a hammer instead of a scalpel: everyone's ssh connection is affected.
In my experience, though, this seems like more of an "insufficient swap space" or "process ulimit" problem than one about daemon scheduling priorities. Once a user has sshed into the system and grabbed all available memory, I'm not certain how having modified the priority of sshd would help. Raising the priority of the sshd process is no guarantee that someone will be able to get onto the system when the system is completely starved of available RAM.
The output of free(1) would be interesting to see.
I agree with rnturn's assessments. Fiddling with process priorities won't help you here. Your system is becoming over-committed and so it is "thrashing."
As others have noted, the ulimit command can be used to prevent user processes from commanding too much memory, but this is only partially useful if your system is thrashing. You might simply need more hardware, particularly RAM. ("Chips are cheap ... splurge.")