[ On Tue, December 15, 1998 at 13:33:42 (+0200), Jukka Marin wrote: ]
> Subject: Re: userid partitioned swap spaces.
>
> How about implementing a new per-user and per-group limit:
> 
> "if a process owned by this user/group uses more than XX megs of memory
>  AND the system is running out of swap, go ahead and kill the process"
>  (kind of "soft quota")
> 
> The default would be "never kill a process", but the system operator could
> set a "kill-when-necessary" limit for group "user" or something like that.

I like this idea.

> Better ideas?  Killing just "the most recently created process" or "the
> process using most memory" wouldn't be that good, IMHO.. Are there any
> existing solutions in other free or commercial OS'es?  (I know the Amiga
> usually crashed and burned when it ran out of RAM... Well, it crashed
> and burned even with 16 MB of free memory, so... :)

AIX (at prior to 4.x.x) killed either the largest process, or the most
rectly created process, or both -- I don't remember exactly.

AIX did this with a catchable signal so that processes "in the know",
such as the X server, databases, etc., could protect themselves.  I
don't remember if you needed to be root to catch the signal or not, but
I think you did.

I don't think it should be necessary to protect the catching of a signal
such as this.  If you really need to allow users to compile and run
their own programs then you need to give them a bit of rope and trust
them with it somewhat.  For example, I get the impression that most
institutions of learning give students their own workstation to fool
around on in this way, in which case the servers can be protected by
mounting all partitions where students have write permission with the
noexec flag.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>