cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Fork bomb protection settings per user

P. Kuiper shared this idea 5 years ago
Open Discussion

Allow to configure per user (non-default) fork bomb protection (ulimit) settings. At this point you will have to edit multiple files, ie:


/etc/bashrc

/etc/profile


/etc/profile.d/limits.sh


/etc/profile.d/limits.csh


Disabling and enabling Fork Bomb Protection will overwrite custom changes. I'm not sure what happens with version upgrades, it might be that custom changes will be overwritten too.


In some cases you will need a higher maximum number of processes. For instance, if you have a client with a lot of email accounts and you want to give them SSH access (which happened to us).

Comments (2)

photo
2

This also affected my server, it prevented my sync software from syncing files to it. The Fork Bomb Protection sets a limit of 100 which overrides all the other methods listed above, as well as limits set in PAM. It drove me nuts trying ot figure out why the ulimit settings I had for my sync user were being ignored, until I started poking around in WHM, figuring this must be one of those cases where cPanel was blindly overwriting system settings. This feature, as it is designed, is of no use to me on my server or anyone else who needs a higher ulimit for certain users or groups.


Fork bomb protection would be much better if it worked *with* the system settings, rather than be a separate setting that overrides them all. It should be a proper front end to the system ulimits, which allow per-group and per-user settings.


See also

https://features.cpanel.net/topic/as-a-server-administrator-i-want-to-set-custom-shell-fork-bomb-limits-so-that-some-applications-are-not-killed

photo
1

I would agree - this setting is useful, but the values are of little use. We have users with dozens of IMAP connections, so they can't shell or do anything in shell as they have way more than 35 processes running


Increase limits from 35 to 150 - works fine as of 11.48 and 11.50


  1. sed -i.bak -e 's/^\(\s\+ulimit -n 100 -u\) ...\? \(-m [0-9]\+ .*$\)/\1 150 \2/' /etc/bashrc /etc/profile /etc/profile.d/limits.sh;

    sed -i.bak -e 's/^\(\s\+limit maxproc \)...\?$/\1150/' /etc/profile.d/limits.csh