ron@isieng.UUCP (Ronald P. Hughes) (02/21/86)
xxx We have a customer whose users all spend most of their time executing a program with the setuid bit turned on. Eventually they start getting "No more processes" messages, because they are exceeding the maximum- number-of-processes-per-user limit. The users are actually all logged into different accounts, and hence their processes have different real uids, but since they are all executing setuid program(s) with the same uid, their effective uids are the same. Fork currently compares effective uids when counting processes to determine whether maxuprc would be exceeded. Should it perhaps be comparing real uids? Ronald P. Hughes Integrated Solutions, Inc. (408)943-1902 ...!pyramid!isieng!ron or ...!ucbvax!ucscc!isieng!ron
guy@sun.uucp (Guy Harris) (02/23/86)
> Fork currently compares effective uids when counting processes to > determine whether maxuprc would be exceeded. Should it perhaps be > comparing real uids? Yes. Absolutely. System V does this, although I don't know if this was deliberate or a side-effect of the stuff they did to enable repeated switching between real and set-UID UIDs (the UNIX "fork" code only checks UIDs which are stored in the processs table entry, not UIDs stored in the U page which may be swapped or paged out; pre-S5 UNIXes stored only the effective UID in "p_uid", but S5 stores the real UID there and the effective UID as of the last "exec" in "p_suid"). Usually, a process should be charged against the quota of the user on whose behalf it is doing work, not the quota of the user to whom it's set-UID. -- Guy Harris {ihnp4, decvax, seismo, decwrl, ...}!sun!guy guy@sun.arpa (yes, really)