Linux – Applying memory limits to screen sessions

exploitgnu-screenlinuxmemory

You can set memory usage limits for standard Linux applications in: /etc/security/limits.conf

Unfortunately, I previously thought ~~these limits only apply to user applications and not system services~~. This means that users can by bypass their limits by launching applications through a system service such as screen. I'd like to know if it's possible to let users use screen but still enforce application limits.

Jeff had the great idea of using nohup which obeys user limits (wonderful!), but I would still like to know if it's possible to mimic the useful windowing features of screen.

EDIT:

It seems my screen sessions are now obeying my hard address space limits defined in /etc/security/limits.conf. I must have been making some mistake. I recently installed cpulimit, but I doubt that's the solution.Thanks for the nohup tip, Jeff! It's very useful.

Link to CPU Limit package

Best Answer

I'm not going to comment on whether that's an actual 'exploit' or intended behavior, but the work-around for this situation is to not allow access to screen. If they/you need to run a process while they're logged out they could use nohup.

Related Solutions

Linux – Can I Nohup/Screen an Already-Started Process?

If you're using Bash, you can run disown -h job

disown
disown [-ar] [-h] [jobspec ...]
Without options, each jobspec is removed from the table of active jobs. If the -h option is given, the job is not removed from the table, but is marked so that SIGHUP is not sent to the job if the shell receives a SIGHUP. If jobspec is not present, and neither the -a nor -r option is supplied, the current job is used. If no jobspec is supplied, the -a option means to remove or mark all jobs; the -r option without a jobspec argument restricts operation to running jobs.

Reattach or create a named screen session? (or persistent screen sessions)

Tell screen to be a bit more persistent about trying:

-D -R
    Attach here and now. In detail this means: If a session is run-
    ning,  then  reattach.  If necessary detach and logout remotely
    first.  If it was not running create it and  notify  the  user.
    This is the author's favorite.

So combine the two and you should have your solution ("-DR" is equivalent to "-D -R"):

screen -DR <yoursession>

Additionally and useful to know, you can view running sessions with:

screen -ls

Best Answer

Related Solutions

Linux – Can I Nohup/Screen an Already-Started Process?

Reattach or create a named screen session? (or persistent screen sessions)

Related Topic