15 Jun, 2009, Banner wrote in the 21st comment:
Votes: 0
David Haley said:
Banner said:
Will disabling limits allow anything to be set

I'm not sure I understand exactly what you mean, but I think it will simply disable restrictions on things like core limit size, CPU usage, etc.

Disabling the limits file. Will that allow me to have as big a core size as I want, or let me us ulimit?
15 Jun, 2009, Banner wrote in the 22nd comment:
Votes: 0
Needless to say, I found something interesting..:


-bash: ulimit: core file size: cannot modify limit: Operation not permitted
shoie13@swgi:~$ ps ux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
shoie13 21846 0.0 0.1 1744 612 ? S Jun12 0:00 /bin/csh -f ./startup 8060
shoie13 22437 2.0 0.5 4148 2684 pts/0 Ss 15:09 0:00 -bash
shoie13 22493 0.1 3.4 19928 18004 ? SN Jun13 5:34 swreality 8060 copyover 7 0 0 0 -1 -1
shoie13 23555 0.0 0.1 2300 896 pts/0 R+ 15:09 0:00 ps ux
shoie13@swgi:~$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 71680
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 71680
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
shoie13@swgi:~$ su brian
Password:
brian@swgi:/home/shoie13$ ps ux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
brian 23638 0.0 0.2 2400 1124 pts/0 S 15:09 0:00 su brian
brian 23652 5.0 0.5 4144 2680 pts/0 S 15:09 0:00 bash
brian 23667 0.0 0.1 2300 896 pts/0 R+ 15:09 0:00 ps ux
brian@swgi:/home/shoie13$ ulimit -a
core file size (blocks, -c) 1000000
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 71680
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 71680
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
brian@swgi:/home/shoie13$ su shoie13
Password:
shoie13@swgi:~$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 71680
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 71680
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
shoie13@swgi:~$


Why does it do that when switching around with the su command?
15 Jun, 2009, David Haley wrote in the 23rd comment:
Votes: 0
Banner said:
Disabling the limits file. Will that allow me to have as big a core size as I want, or let me us ulimit?

I believe that it will turn off limits entirely, so necessarily yes, there will no longer be limits on the core file size. Assuming of course that this does what I think it does.

Banner said:
Why does it do that when switching around with the su command?

Doing that constitutes a log-in, did you try logging in again as user "shoie13"?
15 Jun, 2009, Davion wrote in the 24th comment:
Votes: 0
If you aren't doing this already, I'd really suggest blanking out (changing) usernames from code blocks, when quoting your linux shell. Part of Linux's rock solid security involves attackers not knowing any username beyond root.
15 Jun, 2009, Guest wrote in the 25th comment:
Votes: 0
Then that's not much of a security model! :)

Runter said:
Little off topic, but does anyone know how to make the cores in linux default with an index number? I've seen some systems I've worked on in the past doing that.


Turning that off usually means using this:
Quote
/sbin/sysctl -w kernel.core_uses_pid=0


Setting that to 1 should reverse it and give you what you want.
15 Jun, 2009, David Haley wrote in the 26th comment:
Votes: 0
Actually it is a good component to security. If you have to dictionary-attack both usernames and passwords, your search space is a whole lot larger than if you only have to dictionary-attack the passwords. It's a basic principle of game theory: the more knowledge you give the opponent, the more they have in hand to beat you.
16 Jun, 2009, Banner wrote in the 27th comment:
Votes: 0
Davion said:
If you aren't doing this already, I'd really suggest blanking out (changing) usernames from code blocks, when quoting your linux shell. Part of Linux's rock solid security involves attackers not knowing any username beyond root.

Well, I didn't think I'd have to worry about anyone from here attempting something like that, but if you feel it is necessary, I will do so!


David Haley said:
Banner said:
Why does it do that when switching around with the su command?

Doing that constitutes a log-in, did you try logging in again as user "shoie13"?

Yes, it's 0. But then I 'su' to another user and it gives me the soft limit I set in the limits file, then I su back to the first user and it gives me unlimited, which is extremely odd. Why doesn't it do it at login?


Samson said:
Quote
/sbin/sysctl -w kernel.core_uses_pid=0


Setting that to 1 should reverse it and give you what you want.


treeroots@swgi:/home/lovebucket# /sbin/sysctl -w kernel.core_uses_pid=1
error: "Operation not permitted" setting key "kernel.core_uses_pid"
treeroots@swgi:/home/lovebucket#


And Quantact asked me to try that, but they said it might not work since its a vm on OpenVZ, which it didn't. :(
16 Jun, 2009, quixadhal wrote in the 28th comment:
Votes: 0
If you are getting one set of performance on an "su", and another on login, that suggests that what you have setup gets invoked either by su's mechanic, or via .bash_profile but not .bash_login.

It always drove me nuts trying to track down which set of files is (and can be) invoked at login vs. creation of a new shell.
16 Jun, 2009, Banner wrote in the 29th comment:
Votes: 0
quixadhal said:
If you are getting one set of performance on an "su", and another on login, that suggests that what you have setup gets invoked either by su's mechanic, or via .bash_profile but not .bash_login.

It always drove me nuts trying to track down which set of files is (and can be) invoked at login vs. creation of a new shell.

How would one make su's setup work on login as well?
16 Jun, 2009, David Haley wrote in the 30th comment:
Votes: 0
It's in the bash manpage somewhere (or whatever shell you're using) – there is the profile and the rc, and one is always invoked, and the other is invoked only on login. I can never remember which is which, though…
16 Jun, 2009, Guest wrote in the 31st comment:
Votes: 0
Banner said:
treeroots@swgi:/home/lovebucket# /sbin/sysctl -w kernel.core_uses_pid=1
error: "Operation not permitted" setting key "kernel.core_uses_pid"
treeroots@swgi:/home/lovebucket#


And Quantact asked me to try that, but they said it might not work since its a vm on OpenVZ, which it didn't. :(


You need to be logged in as root to do that. If you don't have root then you need to get the sysadmin to do it for you if they're willing.
16 Jun, 2009, Banner wrote in the 32nd comment:
Votes: 0
Samson said:
Banner said:
treeroots@swgi:/home/lovebucket# /sbin/sysctl -w kernel.core_uses_pid=1
error: "Operation not permitted" setting key "kernel.core_uses_pid"
treeroots@swgi:/home/lovebucket#


And Quantact asked me to try that, but they said it might not work since its a vm on OpenVZ, which it didn't. :(


You need to be logged in as root to do that. If you don't have root then you need to get the sysadmin to do it for you if they're willing.

It's a vps, I was logged in as root, hence the username I changed it to.
16 Jun, 2009, Cratylus wrote in the 33rd comment:
Votes: 0
This stuff works fine on dediacated hardware, and on XEN vpses because
of the nature of the isolation of those instances.

openvz is different, and like a chroot jail. What you're trying to do is
modify a kernel that doesn't belong to you, because you're only
root in a container, not root in the global zone.

You really need to work this out with your vps provider. You're just
going to keep chasing yer tail otherwise.

-Crat
http://lpmuds.net

PS is evileyehosting out of business? Can't access the hosting stuff no more.
16 Jun, 2009, Banner wrote in the 34th comment:
Votes: 0
Cratylus said:
This stuff works fine on dediacated hardware, and on XEN vpses because
of the nature of the isolation of those instances.

openvz is different, and like a chroot jail. What you're trying to do is
modify a kernel that doesn't belong to you, because you're only
root in a container, not root in the global zone.

You really need to work this out with your vps provider. You're just
going to keep chasing yer tail otherwise.

-Crat
http://lpmuds.net

PS is evileyehosting out of business? Can't access the hosting stuff no more.


Yes, they mentioned I should try Xen, but I tried that on Linode and it seems the kernel takes up at least a quarter of the memory, which seems like a waste to me.

EvilEye Hosting has closed public hosting, we only do it privately now.
16 Jun, 2009, Cratylus wrote in the 35th comment:
Votes: 0
Banner said:
Yes, they mentioned I should try Xen, but I tried that on Linode and it seems the kernel takes up at least a quarter of the memory, which seems like a waste to me.


You probably weren't looking at what you thought you were looking at.

On dedicated hw and on VPS, modern kernels tend to aggressively
cache files in memory. This looks like you're out of ram, if you don't
know that's what's happening. In fact, it's just putting idle ram to good use.

There are ways to keep an eye on it. I recommend using xen over openvz,
pretty much because of the kind of problems yer running into.

-Crat
http://lpmuds.net

EDIT: and on XEN i ment
16 Jun, 2009, Banner wrote in the 36th comment:
Votes: 0
Here's the top from my Linode, fresh Debian 5.0 install:

top - 02:41:01 up 8 min,  1 user,  load average: 0.04, 0.01, 0.00
Tasks: 66 total, 2 running, 64 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 368856k total, 36120k used, 332736k free, 1844k buffers
Swap: 262136k total, 0k used, 262136k free, 11864k cached


And with my MUD running:
top - 03:03:11 up 30 min,  1 user,  load average: 0.04, 0.02, 0.00
Tasks: 70 total, 1 running, 69 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 368856k total, 363720k used, 5136k free, 9760k buffers
Swap: 262136k total, 4k used, 262132k free, 305152k cached


That leaves me 5K for a webserver, mysql, postfix, dovecot, ect.! Not touching swap of course.

Edited again to add: Oh, so you're saying that used actual used memory = used memory - cached memory?
16 Jun, 2009, Cratylus wrote in the 37th comment:
Votes: 0
Banner said:
Edited again to add: Oh, so you're saying that used actual used memory = used memory - cached memory?


Yeah. Where it says cached, that's the amount of ram used for file caching.
All it means is that your OS was trying to be as efficient as possible,
avoiding disk hits that slow down overall performance. So add the cached stuff to the
free stuff and that's what you have available.

-Crat
http://lpmuds.net

edited for clarity
16 Jun, 2009, quixadhal wrote in the 38th comment:
Votes: 0
Yes, modern OS's tend to not leave any actual "free" memory, it's all divided up between file caching and swap. Personally, I think linux is a little overly aggressive in forcing things out into swap to cache file access, at least since the 2.4 kernel.

Quote
quixadhal@andropov:~$ free
total used free shared buffers cached
Mem: 515936 494748 21188 0 183200 79188
-/+ buffers/cache: 232360 283576
Swap: 1509944 936 1509008


I could disable swap entirely, and that 936K of swap would move into the "used" column. If I could disable file caching, we'd see I'd still have 280M of free memory, but the system would run slower as a result.

Out of curiosity, how common is it to have this kind of chroot jail instead of just installing your own linux in a full VM? I've never looked at hosting, but whenever we talked about it at work it was either putting your own hardware in someone's rack, or getting a VM that you could install/backup remotely, and it acted like a full machine with a wimpy CPU.
16 Jun, 2009, Banner wrote in the 39th comment:
Votes: 0
… So I'm moving data from Quantact to Linode, but I've got a problem with my forums. When I visit them in the browser, I am lead to a blank page. Rest of the site works fine, as well as .php files. I don't get any error message so I don't know if its permissions, mysql errors, or a misconfiguration in Apache2. Normally, it complains about a missing database or a directory set incorrectly, so the blank page is quite misleading. I already imported my old database, set the perms, and changed the directories in the settings file so I am at a loss. Any help is appreciated. The forums are smf if that helps.
16 Jun, 2009, Cratylus wrote in the 40th comment:
Votes: 0
If there's no error, just a blank page, and it happens when
trying to access php stuff after a migration, the chances are that
you've got a config file in your php app pointing to the wrong spot.

-Crat
http://lpmuds.net
20.0/42