Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 29761 invoked from network); 6 Aug 2007 22:38:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Aug 2007 22:38:25 -0000 Received: (qmail 44853 invoked by uid 500); 6 Aug 2007 22:38:14 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 44837 invoked by uid 500); 6 Aug 2007 22:38:14 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 44826 invoked by uid 99); 6 Aug 2007 22:38:14 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Aug 2007 15:38:14 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of johannes.truschnigg@gmx.at designates 213.165.64.20 as permitted sender) Received: from [213.165.64.20] (HELO mail.gmx.net) (213.165.64.20) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 06 Aug 2007 22:37:58 +0000 Received: (qmail invoked by alias); 06 Aug 2007 22:37:45 -0000 Received: from unknown (EHLO [10.0.0.1]) [85.127.90.135] by mail.gmx.net (mp044) with SMTP; 07 Aug 2007 00:37:45 +0200 X-Authenticated: #21660572 X-Provags-ID: V01U2FsdGVkX1+vjqA9rBCvdhC5og/sgdHRwJ3AIYoTB7lxgxKszW FLL3hrPUmUbgQu From: Johannes Truschnigg To: users@httpd.apache.org Date: Tue, 7 Aug 2007 00:37:43 +0200 User-Agent: KMail/1.9.7 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart11321688.BfSUYQxnOh"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200708070037.43388.johannes.truschnigg@gmx.at> X-Y-GMX-Trusted: 0 X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] apache 2.2 + suexec + mod_fcgid 2.1 + php-cgi: nproc ulimit ineffective, rabid process spawning occurs --nextPart11321688.BfSUYQxnOh Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello everyone, I'm running a webserver (Server version: Apache/2.2.4 (Unix)) on Gentoo=20 GNU/Linux, Kernel 2.6.22 (x86, Gentoo patchset) for quite some time now, an= d=20 cannot seem to fix my problems regarding a per-user=20 number-of-processes-restriction I need to implement. I'll post the sections of all the configs I consider relevant to the proble= m;=20 I think that'll make it easiest for everyone interested to follow... +----- mod_fcgid.conf (this one's global to apache, it's mostly adopted verbatim f= rom=20 my distribution's defaults): SharememPath /var/run/fcgid_shm SocketPath /var/run/fcgid.sock IPCCommTimeout 45 MaxProcessCount 12 MaxRequestsPerProcess 500 DefaultMaxClassProcessCount 4 IdleTimeout 3600 ProcessLifeTime 36000 LoadModule fcgid_module modules/mod_fcgid.so AddHandler fcgid-script .fcg SetHandler fcgid-script Options ExecCGI allow from all AddHandler fcgid-script .php +----- +----- vhost.conf (irrelevant parts left out): #[...] ServerRoot "/home/www_michaelk/www/nicoleundmichael.at" DocumentRoot "/home/www_michaelk/www/nicoleundmichael.at/htdocs" SuexecUserGroup "www_michaelk" "www_michaelk" AddHandler fcgid-script .php Deny from all AllowOverride None Order Deny,Allow Deny from all FCGIWrapper "/var/www/fcgi-wrap/www_michaelk/php.fcgi" .php AllowOverride AuthConfig FileInfo Options Options +ExecCGI Order deny,allow Allow from all +----- +----- php.fcgi (this one's the wrapper invoking php): #!/bin/bash export PHPRC=3D"/home/www_michaelk/conf/nicoleundmichael.at/" export PHP_FCGI_CHILDREN=3D3 export PHP_FCGI_MAX_REQUESTS=3D15000 exec /usr/bin/php-cgi +----- +----- /etc/security/limits.conf (relevant part only): www_michaelk hard nproc 25 +----- If I throw a real lot of requests (100K+) on one site hosted in this manner= =20 now, at some point, mod_fcgid begins spawning new processes seemingly witho= ut=20 killing/discarding any old ones. I'd expect mod_fcgid to restrict the max.= =20 number of processes it dispatches requests to to the value=20 of "MaxProcessCount", but this turns out not to be the case. I always end up with one process above my actual ulimit (I suppose that's=20 because of how Linux handles changing a process' effective user id, right?)= ,=20 leaving my users unable to login, because it's impossible for them to start= a=20 new shell. I already tried fiddling with all the values I suspected of having an impac= t=20 on the situation ("PHP_FCGI_CHILDREN" in the wrapper, "MaxProcessCount" and= =20 cousins in the mod_fcgid configuration), but nothing actually yielded=20 success. I'm running out of ideas on what to try next, so I figured I'd cry for help= by=20 posting here. I highly appreciate any sort of input that might lead me into= =20 the right direction to fix this - thanks in advance for your efforts! If you feel there's need for additional info I did not provide yet, please= =20 don't hesitate to let me know. =2D-=20 with best regards: =2D Johannes Truschnigg ( johannes.truschnigg@gmx.at ) www: http://johannes.truschnigg.info/ phone: +43 650 2 133337 jabber: johannes.truschnigg@gmail.com Please do not bother me with HTML-eMail or attachments. Thank you. --nextPart11321688.BfSUYQxnOh Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.5 (GNU/Linux) iD8DBQBGt6K3nnUApj8OcoIRAqY7AJ9RFY2pqhY2rBR4S4CUMzzZom+lHwCfa8Gb eeGHGwZ4M/Nqlghvr1CKEzE= =Sc68 -----END PGP SIGNATURE----- --nextPart11321688.BfSUYQxnOh--