You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by André Malo <nd...@perlig.de> on 2002/10/03 03:22:35 UTC

RLimitNPROC behaviour question

http://httpd.apache.org/docs-2.0/mod/core.html#rlimitnproc says:

| Note: If CGI processes are not running under userids other than the
| web server userid, this directive will limit the number of processes
| that the server itself can create. Evidence of this situation will
| be indicated by "cannot fork" messages in the error_log.

I looked into the kernel code and played around with strace and found
that it's not true at least for linux 2.2 and 2.4. 

the rlimit properties will be set after forking and apply only to the
forked process and it's children. So it cannot influence the server
processes in such way. But my experiences with other OSes are very
small. Can someone leave a word on behaviour of other OSes? 

If I'm totally wrong, please tell me ;-)

nd
-- 
s;.*;aaaaaoaaaoaaaaooooaaoaaaomaaaa:a:alataa:aaoat:a:a:a
maoaa:a:laoata:a:oia:a:o:a:m:a:o:alaoooat:aaool:aaoaa
matooololaaatoto:aaa:o:a:o:m;;s:\s:\::g;y;mailto:;
\40\51/\134\137|ndparker <nd...@perlig.de>;;print;

Re: RLimitNPROC behaviour question

Posted by "E. FROUNI" <fr...@bledo.net>.

How to unsubscribe from this list ?

----- Original Message -----
From: "André Malo" <nd...@perlig.de>
To: <de...@httpd.apache.org>
Sent: Thursday, October 03, 2002 10:06 PM
Subject: Re: RLimitNPROC behaviour question


* André Malo wrote:

> For example:
>
> RLimitNPROC 1
>
> means in practise: a CGI program may send a mail by piping it to
> /usr/lib/sendmail if there's no concurrent process, i.e. it runs
> alone. whether that makes sense or not...dependant on
> system/policies/etc., I think.

> I hope, I don't spread nonsense here ;-)

*harhar*. must be RLimitNPROC 2, of course...

nd
--
print "Just Another Perl Hacker";

# André Malo, <http://www.perlig.de/> #

Re: RLimitNPROC behaviour question

Posted by André Malo <nd...@perlig.de>.

* André Malo wrote:

> For example:
> 
> RLimitNPROC 1
> 
> means in practise: a CGI program may send a mail by piping it to
> /usr/lib/sendmail if there's no concurrent process, i.e. it runs
> alone. whether that makes sense or not...dependant on
> system/policies/etc., I think.

> I hope, I don't spread nonsense here ;-)

*harhar*. must be RLimitNPROC 2, of course...

nd
-- 
print "Just Another Perl Hacker";

# André Malo, <http://www.perlig.de/> #

Re: RLimitNPROC behaviour question

Posted by André Malo <nd...@perlig.de>.

* Joshua Slive wrote:

[RLimitNPROC]
> I think it still applies: It says that using that directive may limit
> the total number of cgi processes that can be launched at one time.

And that's not true, as far I can see.

The directive works for me as follows:

mod_cgi creates a new process via fork. If successful, for the new child
process the rlimit stuff will be set. It applies *only* to this child.
After that exec will be called to start the external program/script
(under circumstances via suexec). 

If now the CGI-process (means the external program) tries to fork, the
system counts the number of current processes of the processes'
effective uid and refuses, if the number exceedes the limit (set by
RLimitNPROC). 

That means, RLimitNPROC doesn't apply to the number of launched
CGI-processes rather than the number of processes a CGI-program may
launch. (more or less that, what the short description says).
For example:

RLimitNPROC 1

means in practise: a CGI program may send a mail by piping it to
/usr/lib/sendmail if there's no concurrent process, i.e. it runs alone. 
whether that makes sense or not...dependant on system/policies/etc., I
think. 

Side note:
If suexec would fork a new process after changing the uid, then
RLimitNPROC really would limit the number of CGI processes launched by
mod_cgi. 

I hope, I don't spread nonsense here ;-)

nd
-- 
Real programmers confuse Christmas and Halloween because
DEC 25 = OCT 31.  -- Unknown

                                      (found in ssl_engine_mutex.c)

Re: RLimitNPROC behaviour question

Posted by Joshua Slive <jo...@slive.ca>.

André Malo wrote:
> * Daniel Lopez wrote:
> 
> 
>>>| Note: If CGI processes are not running under userids other than the
>>>| web server userid, this directive will limit the number of
>>>| processes that the server itself can create. Evidence of this
>>>| situation will be indicated by "cannot fork" messages in the
>>>| error_log. 
>>
> 
>>The directive refers only to the CGI processes, not the server
>>processes (the wording can be confusing)
> 
> 
> ok. In this case I'm going to remove the whole paragraph. Objections
> someone? 

I think it still applies: It says that using that directive may limit 
the total number of cgi processes that can be launched at one time.

But I may still be confused.  In any case, anything you can do to 
clarify those directives would be great.  They are often a source of 
confusion.

Joshua.

Re: RLimitNPROC behaviour question

Posted by André Malo <nd...@perlig.de>.

* Daniel Lopez wrote:

>> | Note: If CGI processes are not running under userids other than the
>> | web server userid, this directive will limit the number of
>> | processes that the server itself can create. Evidence of this
>> | situation will be indicated by "cannot fork" messages in the
>> | error_log. 

> The directive refers only to the CGI processes, not the server
> processes (the wording can be confusing)

ok. In this case I'm going to remove the whole paragraph. Objections
someone? 

nd
-- 
Gefunden auf einer "Webdesigner"-Seite:
        > Programmierung in HTML, XML, WML, CGI, FLASH <

# André Malo # http://www.perlig.de/ #

Re: RLimitNPROC behaviour question

Posted by Daniel Lopez <da...@rawbyte.com>.


On Thu, Oct 03, 2002 at 03:22:35AM +0200, André Malo wrote:
> http://httpd.apache.org/docs-2.0/mod/core.html#rlimitnproc says:
> 
> | Note: If CGI processes are not running under userids other than the
> | web server userid, this directive will limit the number of processes
> | that the server itself can create. Evidence of this situation will
> | be indicated by "cannot fork" messages in the error_log.
> 
> I looked into the kernel code and played around with strace and found
> that it's not true at least for linux 2.2 and 2.4. 
> 
> the rlimit properties will be set after forking and apply only to the
> forked process and it's children. So it cannot influence the server
> processes in such way. But my experiences with other OSes are very
> small. Can someone leave a word on behaviour of other OSes? 
> 
> If I'm totally wrong, please tell me ;-)

The directive refers only to the CGI processes, not the server processes
(the wording can be confusing)

Cheers

Daniel

-- 
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/