1

We would like to allocate chunks of cpu-time and RAM-hours to the users every few months. This is on a Linux server. I think process accounting can help keep track of usage but it does not enforce a usage policy. What would be a good way to enforce a usage policy. What we want is something like a bank account from which an user can withdraw cpu-time and memory-hours.

If I understand correctly ulimit puts a cap on different resources per shell instance and hence seems inadequate. I would appreciate if you correct me if I am wrong about ulimit. I suspect I am.

san
  • 123
  • 5

2 Answers2

3

Check out cgroups

http://en.wikipedia.org/wiki/Cgroups

cgroups (control groups) is a Linux kernel feature to limit, account and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups.

Demo from RedHat

http://www.youtube.com/watch?v=KX5QV4LId_c

ckliborn
  • 2,750
  • 4
  • 24
  • 36
1

pam_limits is an option you can try. Options are set and documented in /etc/security/limit.conf, which you can set as low as per user:

# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4
Rilindo
  • 5,058
  • 5
  • 26
  • 46
  • Thanks, I was exploring this option before posting. What I could not find was over what instance are these limits applied. For instance IF there is a memory cap, does that cap the sum total of all memory across all of the users process at an instant ? Or is it just the limit for one instance of a shell process ? What we want is something like a bank account form which you may withdraw cpu-time and memory-hours. – san Dec 06 '11 at 04:32
  • 1
    You can apply a cap per user. So in that case, you would probably use process accounting to track and usage and then use pam_limit to enforce it; he mechanism of triggering enforcement based on usage would need to be coded out. – Rilindo Dec 06 '11 at 04:39
  • Is it per user and across all of his/her current processes or do the limits apply only to process started from one invocation of the shell. – san Dec 06 '11 at 04:48
  • It can be applied per user and any process running under that user. – Rilindo Dec 06 '11 at 05:38