httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: RLimitNPROC behaviour question
Date Thu, 03 Oct 2002 18:15:01 GMT
* Joshua Slive wrote:

[RLimitNPROC]
> I think it still applies: It says that using that directive may limit
> the total number of cgi processes that can be launched at one time.

And that's not true, as far I can see.

The directive works for me as follows:

mod_cgi creates a new process via fork. If successful, for the new child
process the rlimit stuff will be set. It applies *only* to this child.
After that exec will be called to start the external program/script
(under circumstances via suexec). 

If now the CGI-process (means the external program) tries to fork, the
system counts the number of current processes of the processes'
effective uid and refuses, if the number exceedes the limit (set by
RLimitNPROC). 

That means, RLimitNPROC doesn't apply to the number of launched
CGI-processes rather than the number of processes a CGI-program may
launch. (more or less that, what the short description says).
For example:

RLimitNPROC 1

means in practise: a CGI program may send a mail by piping it to
/usr/lib/sendmail if there's no concurrent process, i.e. it runs alone. 
whether that makes sense or not...dependant on system/policies/etc., I
think. 

Side note:
If suexec would fork a new process after changing the uid, then
RLimitNPROC really would limit the number of CGI processes launched by
mod_cgi. 

I hope, I don't spread nonsense here ;-)

nd
-- 
Real programmers confuse Christmas and Halloween because
DEC 25 = OCT 31.  -- Unknown

                                      (found in ssl_engine_mutex.c)

Mime
View raw message