[systemd-devel] Commands started after "su - username" do not obey "systemctl set-property user.slice MemoryLimit=..."
Lutz Vieweg
lvml at 5t9.de
Wed Oct 29 13:08:02 PDT 2014
Hi,
I configured a CentOS 7 to limit the amount of memory any single
interactive user can use by setting:
> systemctl set-property user.slice MemoryLimit=60G
and excepted "root" to use a less strict limit:
> systemctl set-property user-0.slice MemoryLimit=120G
Works so far, but there's a catch: Sometimes, "root"
wants to impersonate some user to interactively start
some software on behalf of that user.
Yet, when root uses "su - username" to change the user,
no "user-xxx.slice" is created, not even a new "session"
below "user-0.slice" is created, causing the wrong
MemoryLimit to be applied:
> systemd-cgls
> └─user.slice
>   ├─user-0.slice
> ...
>   │ └─session-18.scope
>   │   ├─17570 sshd: root@pts/1
>   │   ├─17572 -bash
>   │   ├─19514 bash
>   │   ├─19884 su - johndoe
>   │   ├─19885 -bash
>   │   ├─20395 ./memory_hog ...
How can I configure that processes started as a certain
user honor the user.slice limit, regardless of whether
the user used "ssh" to log in, or whether just "root"
was using "su" to become that user?
Regards,
Lutz Vieweg
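
The mismatch described in this post can be checked for mechanically. The following is an added example, not part of the original message: it compares each process's real UID with the UID encoded in the user-<uid>.slice of its cgroup path. The sample records are constructed; they reuse the PIDs from the systemd-cgls output above, assume UID 1000 for johndoe, and use cgroup v1 style lines.

```python
import os
import re

# Matches the per-user slice in a cgroup path, e.g. /user.slice/user-0.slice/...
SLICE_RE = re.compile(r"/user\.slice/user-(\d+)\.slice(?:/|$)")

def slice_uid(cgroup_text):
    """UID encoded in the user-<uid>.slice of a /proc/<pid>/cgroup dump, or None."""
    for line in cgroup_text.splitlines():
        fields = line.split(":", 2)  # hierarchy-id:controllers:path
        if len(fields) == 3:
            match = SLICE_RE.search(fields[2])
            if match:
                return int(match.group(1))
    return None

def real_uid(status_text):
    """Real UID from the 'Uid:' line of /proc/<pid>/status, or None."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[1])
    return None

def find_mismatches(procs):
    """Return (pid, process_uid, slice_uid) where the two UIDs differ."""
    hits = []
    for pid, status, cgroup in procs:
        uid, owner = real_uid(status), slice_uid(cgroup)
        if uid is not None and owner is not None and uid != owner:
            hits.append((pid, uid, owner))
    return hits

def read_proc(root="/proc"):
    """Yield (pid, status, cgroup) for live processes; skip ones that exit mid-scan."""
    for name in filter(str.isdigit, os.listdir(root)):
        try:
            with open(f"{root}/{name}/status") as s, open(f"{root}/{name}/cgroup") as c:
                yield int(name), s.read(), c.read()
        except OSError:
            continue

# Constructed sample: PIDs from the post; UID 1000 for johndoe is assumed.
ROOT_CG = "4:memory:/user.slice/user-0.slice\n1:name=systemd:/user.slice/user-0.slice/session-18.scope\n"
SAMPLE = [
    (17572, "Name:\tbash\nUid:\t0\t0\t0\t0\n", ROOT_CG),
    (19885, "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n", ROOT_CG),
    (20395, "Name:\tmemory_hog\nUid:\t1000\t1000\t1000\t1000\n", ROOT_CG),
]

if __name__ == "__main__":
    for pid, uid, owner in find_mismatches(SAMPLE):
        print(f"pid {pid}: runs as uid {uid} but is accounted to user-{owner}.slice")
```

On a live host, pass `read_proc()` to `find_mismatches` instead of `SAMPLE`.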