I asked myself the same question, so I logged into my shell account at a local ISP and took a look at what they use on their FreeBSD machine with 512 MB of RAM:
core file size (blocks) unlimited data seg size (kbytes) 22528 file size (blocks) unlimited max locked memory (kbytes) 10240 max memory size (kbytes) 30720 open files 64 pipe size (512 bytes) 1 stack size (kbytes) 8192 cpu time (seconds) unlimited max user processes 64 virtual memory (kbytes) 30720 On my machine (96 MB) I am using something between the optional "default" in /etc/limits, and what I found from the aforementioned machine. The defaults in /etc/limits are: #* L2 D6144 R2048 S2048 U32 N32 F16384 T5 C0 However I set the max CPU time to 60 minutes (T60) and max open files to 64 (N64). I figured that any process spawned by a shell that burned up 60 mins of CPU time (note that CPU time does not accumulate while a process is idle) might be "up to no good," but that's on my machine where I only have a few remote users, and an occasional console user, playing around with things. On a true full-time multi-user machine you may want to increase this slightly. I also set (in /etc/profile): ulimit -v 32768 which is apparently more than enough to run X and Netscape (4.6). I originally had tried about 16 MB and X started but Netscape would segfault. Then (in /etc/limits) I set "no limits" on my own accounts: <user> - As I only started experimenting with this yesterday, don't take any of my setup without some judgment. :) I'm probably making some unreasonable choices which I will have to fine-tune over time. But they seem to have been decent preliminary defaults. Also: I still don't know of any way to set the Virtual Mem usage of a shell without using ulimit (bash) or limit (csh)! Note that it does not appear to be an option in /etc/limits or in pam's limits.conf. Anyone know how to do it? There must be a way. On Mon, 10 Jan 2000, Ethan Benson wrote: > I have figured out how to set these limits up well enough, but I have > a related question, how can i set reasonable limits? what I mean is > how can i set reasonable limits for a user that they will never even > notice are there unless 1) they are intentionally trying to crash the > machine or 2) unintentionally have a process go out of control. sort > of analogous to the 5% limit on ext2fs reserved for root. > > > -- > Ethan Benson > To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
