(Note: The program mentioned was written for a class assignment, but this question is not part of the assignment; it is for my own curiosity and I cannot find an answer elsewhere.)

For a class assignment, I needed to write a program to determine the number of simultaneous processes that could be run by a user at once. My program creates a certain number of processes before fork() returns -1 because the limit has been reached, then it terminates those processes and ends.

When I run as root, it counts 16 created processes before terminating them, which makes sense. The Minix 2 man page for fork() specifies that the limit is set by the NR_PROCS variable in /usr/include/minix/config.h, and that is set to 32. root is running 16 processes in addition to the 14 created by the program (+2 for shell and the program itself), so that makes a total of 32 processes.

When I run as the unprivileged user ast, however, the program only returns 13 (so it's only spawning 11 processes plus the two for shell and program). I'm using su ast to run as the ast user, but I don't know if that process is taken into account. UPDATE: Logging in as ast causes the program to spawn 12 processes, so adding the two for shell and the program itself means ast can only have 14 simultaneous processes running (the user is not running any others).

Why is there a difference in the number of processes that can be run by superusers and unprivileged users, especially when only one variable controls the system limit?

vaindil
  • Yes, `su ast` is one process and then it forks a shell for `ast`, that's another process. What happens if you log in as `ast` and run? – P.P Feb 08 '15 at 07:39
  • @Blue Moon I considered doing that but login as `ast` is disabled (the entry in `/etc/passwd` gives `*` in the place where the password would be written, which means it is invalid). I'll give it a try tomorrow when I have a bit more time to mess around on the system; most of tonight consisted of actually writing the program. – vaindil Feb 08 '15 at 10:18
  • @BlueMoon I enabled login as the `ast` user and ran the program; it reported 14 processes. `ast` is only running one other process, `-sh`, and that's accounted for in the program, so it looks like the `ast` user can actually only spawn 14 processes at once compared to `root`'s 32, assuming my code is correct. – vaindil Feb 08 '15 at 22:33

1 Answer

Setting a user's process limit protects the system by ensuring that a misuse or malicious use (like a fork bomb) by a user cannot completely break the system (in theory, at least). Root processes can continue to start and run.

Sometimes this is a per-user setting (to protect other users) and sometimes it is a user/root split (to protect the system) and sometimes it is both.

Brian White
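
The per-user cap and root exemption described in the answer above, as an added example that is not part of the original post or answer. It assumes Linux, where `setrlimit(RLIMIT_NPROC)` sets the per-user process limit; the Minix 2 limits from the question are not modelled, and `probe_fork_limit` and `PROBE_CAP` are names made up for this sketch.

```c
/* Added example, not from the original post. Assumes Linux RLIMIT_NPROC. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_CAP 8 /* hypothetical hard ceiling: the probe never forks more */

/* Lower the soft per-user process limit to `limit`, fork idle children until
 * fork() fails or PROBE_CAP is reached, then kill and reap every child and
 * restore the old limit. Returns forks made (-1 on setup error). */
int probe_fork_limit(rlim_t limit, int *hit_limit)
{
    struct rlimit old, lowered;
    pid_t kids[PROBE_CAP];
    int n = 0;
    *hit_limit = 0;
    if (getrlimit(RLIMIT_NPROC, &old) != 0)
        return -1;
    lowered = old;
    if (limit < old.rlim_cur)
        lowered.rlim_cur = limit;      /* only ever tighten the soft limit */
    if (setrlimit(RLIMIT_NPROC, &lowered) != 0)
        return -1;
    while (n < PROBE_CAP) {
        pid_t pid = fork();
        if (pid < 0) {                 /* kernel refused the new process */
            *hit_limit = (errno == EAGAIN);
            break;
        }
        if (pid == 0) { pause(); _exit(0); } /* child idles until killed */
        kids[n++] = pid;
    }
    for (int i = 0; i < n; i++) {      /* clean up before returning */
        kill(kids[i], SIGKILL);
        waitpid(kids[i], NULL, 0);
    }
    setrlimit(RLIMIT_NPROC, &old);     /* restore the caller's soft limit */
    return n;
}

int main(void)
{
    int hit, n = probe_fork_limit(1, &hit);
    printf("uid=%d forks=%d hit_limit=%d\n", (int)getuid(), n, hit);
    return n < 0;
}
```

Run as an ordinary user, the probe typically reports 0 forks with `hit_limit=1`, because the user's existing processes already meet a limit of 1; run as root it reaches `PROBE_CAP`, since Linux does not enforce `RLIMIT_NPROC` for real UID 0.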