0

Exact duplicate of this question, which has an accepted answer that doesn't solve the problem.

How do I set sshd to run with a higher priority, so that even if the system is massively overloaded (e.g. by a fork bomb) and the cpu usage is at 100%, I can still connect to it?

Using /etc/security/limits.conf does no good, because that won't let you say "process X should always have priority", it just sets general limits.

Using cgroups doesn't work, because as far as I can tell, it lets you set absolute limits on process, but not relative ones - you can't tell it to give one process priority over others.

Community
  • 1
Benubird
  • 523
  • 1
  • 5
  • 11
  • I am thinking sshd might not be the right tool for that job. Under the circumstances you mention, you really need a server process, which doesn't need to fork or otherwise allocate resources in order to do its job. So I am thinking, something which once started does not need to allocate anymore resources for as long as it is running. So basically a process, which receive a UDP packet, validate it, process it, and send a reply back. Would it need to be capable of is show processes and consumption, as well as kill processes. – kasperd Jul 10 '14 at 16:46
  • @kasperd That's a good idea, and would be better than nothing, but not ideal. For instance, I had a cron process a little while ago that had an infinite loop bug, causing them to accumulate and overload the server. But, the loop depended on getting a read lock on a file - so all I needed to do, was use another process to write-lock it (or even just delete it), and all the copies would exit gracefully. Much better than a kill -9. – Benubird Jul 11 '14 at 10:57

0 Answers0