On a shared server (Debian Jessie), there are some memory limits (and other limits, like number of processes) that apply for a group of users, configured in /etc/security/limits.conf
.
It seems that those limits do not apply to processes started by cron, though, and sometimes people's cron job accidentally screw up performance for all others.
Is there any way to apply the limits from limits.conf
to cron jobs too? Or, if that's not possible, at least enforce some limits to all users' cron jobs?
Cron seems to run all the jobs in the cron cgroup, not in the users' cgroup, so that's not an easy approach either 🙁
Best Answer
I'm pretty sure you cant set up limits on a service via the limits.conf but only on a user space.
Crontab executes scripts in the appointed user space defined either from /etc/crontab via username or from the users own personal crontab. So limits has to be applied on a user-space level or from inside the script it self. But it's correct you need to enable the limits under pam.d/cron as this enables cron to apply the user limits when executing the script.
I setup a little test scenario so we can check how to limit a users cronjobs.
1) Made a user called crontest
2) Added one line to limits.conf
3) Made a quick little test script to allocate memory. You can properly find source example around the Internet that is way better than mine, but it works.
Save the above source code into mem.c and type the following to compile it.
Now to test
As root i ran the mem test script and this is the output. As you can see i can allocate more than 50MB RAM (AddressSpace)
I then changed to my new test user and tried the same.
As you can see the system cut me off as i tried to allocate the next 10MB that would have hit 50MB (my limit).
Next i added the following to /etc/crontab
Saved the crontab and waited for the cron to spawn my user-space script under crontest user. I could now see that the same things applied to my users crontab script just fine.
Output from cron.log showing the script started
Output from syslog showing the script dieing again..
So as you can see the limit applies both to the user environment when logging in and to the cronjobs. So i think you need to take a look at your limits.conf file i don't think it's correct.