Subject: Re: userid partitioned swap spaces.
To: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
From: Jukka Marin <jmarin@pyy.jmp.fi>
List: tech-kern
Date: 12/15/1998 13:33:42
On Tue, Dec 15, 1998 at 12:19:33PM +0100, Ignatios Souvatzis wrote:
> > I know there isn't a simple and perfect solution to this, but I would rather
> > have a Netscape process killed by the system than have the whole server die
> > or lock up.  I guess this isn't much of a problem on a single-user machine
> > with 256 MB of RAM and 4 GB of swap.. but it seems to be a problem on a
> > smallish single-user system already, not to mention public shell systems.
> 
> The problem is when the shortage happens, you simply don't know who the "right"
> culprit to kill is.
> 
> Netscape might get N-20 pages of swap, then, say, some small cron job might
> need 25. It might be possible to implement killing the last process needing
> swap, but this wouldn't necessarily be right.

Yes, I know this problem..  I also know that sometimes a reboot is better
than just killing off a process (wouldn't help much to have a telnet or pop
server running with its inetd dead).

But still I believe that it should be possible to configure a UN*X system
so that no non-root user can crash it or make it unusable in some other way.

How about implementing a new per-user and per-group limit:

"if a process owned by this user/group uses more than XX megs of memory
 AND the system is running out of swap, go ahead and kill the process"
 (kind of "soft quota")

The default would be "never kill a process", but the system operator could
set a "kill-when-necessary" limit for group "user" or something like that.

Better ideas?  Killing just "the most recently created process" or "the
process using most memory" wouldn't be that good, IMHO.. Are there any
existing solutions in other free or commercial OSes?  (I know the Amiga
usually crashed and burned when it ran out of RAM... Well, it crashed
and burned even with 16 MB of free memory, so... :)

  -jm
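A small model of the per-user/per-group "soft quota" proposed in the mail, written as an added example (not code from the thread or from NetBSD): a process becomes a kill candidate only when swap is short, only if its owner has a limit, and only if it is over that limit, so root's inetd and the small cron job are never chosen while the over-limit Netscape is. That a per-user entry overrides the group entry, and the gid 100 and page counts in the sample table, are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/*
 * Constructed model of the proposed "kill-when-necessary" limit.
 * A limit of 0 (or no entry at all) means "never kill", the proposed default.
 */
struct proc  { int pid; unsigned uid; unsigned gid; uint32_t pages; };
struct quota { unsigned id; uint32_t limit_pages; };
static uint32_t lookup_limit(const struct quota *q, size_t n, unsigned id)
{
    for (size_t i = 0; i < n; i++)
        if (q[i].id == id)
            return q[i].limit_pages;
    return 0;                           /* no entry: never kill */
}
/* Returns the pid to kill, or -1 when no process qualifies. */
int pick_victim(const struct proc *ps, size_t n,
                const struct quota *uq, size_t nu,
                const struct quota *gq, size_t ng, int swap_short)
{
    int victim = -1;
    uint32_t worst = 0;
    if (!swap_short)
        return -1;                      /* enforced only under swap pressure */
    for (size_t i = 0; i < n; i++) {
        uint32_t lim = lookup_limit(uq, nu, ps[i].uid);   /* per-user first (assumed) */
        if (lim == 0)
            lim = lookup_limit(gq, ng, ps[i].gid);         /* then per-group */
        if (lim != 0 && ps[i].pages > lim && ps[i].pages > worst) {
            worst = ps[i].pages;        /* largest offender among the eligible */
            victim = ps[i].pid;
        }
    }
    return victim;
}
/* Constructed sample table: the scenario from the thread. */
static const struct proc sample[] = {
    { 1,    0,   0,   400 },            /* inetd, root: no limit, never killed */
    { 2,    0,   0,    25 },            /* the small cron job that hit the shortage */
    { 3, 1000, 100, 30000 },            /* netscape, group "user" (gid 100 assumed) */
    { 4, 1000, 100,   150 },            /* the same user's shell, under the limit */
};
static const struct quota group_limits[] = { { 100, 20000 } };  /* group "user" */
/* user_limit == 0 means no per-user entry, so the group limit applies. */
int demo(int swap_short, uint32_t user_limit)
{
    const struct quota uq[] = { { 1000, user_limit } };
    return pick_victim(sample, 4, uq, user_limit ? 1 : 0,
                       group_limits, 1, swap_short);
}
```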