Re: How to ban someone from running a program

["Todd A. Jacobs" <nospam codegnome org>]

On Thu, 31 Oct 2002, Reuben D. Budiardja wrote:

> I am managing a machine that was used by several people. One of the
> users often time run a program (written in fortran) that takes huge CPU
> and Memory that make the machine very un-responsive. So, the basic

The following additions to /etc/security/limits.conf will help:

	abusername	hard	priority	19
	abusername	hard	maxlogins	1
	abusername	hard	nproc		2

This will limit him to a single login with a maximum of two user processes
(lower and he might not be able to type commands at the console at all),
with an enforced priority of 19 for all processes.

You can also consider RSS and CPU time limits, but those are secondary.  
You may also want to consider putting appropriate ulimits into
/etc/profile. However, if /etc/shells allows a shell which doesn't source
/etc/profile, ulimit won't be as enforcable as PAM.

-- 
"Whenever I feel blue, I start breathing again."

			       - Unknown