[kde-linux] nice

mark walker mark at mms-uk.com
Mon Sep 12 06:09:13 UTC 2005


Hi

Thanks for the reply.

I appreciate all your security comments, but they don't apply in my
situation.

No user has interactive access to run any commands let alone the nice
command.

The exact situation is so..

Most average users just access OpenOffice on a daily basis via dedicated
usernames that only allow OpenOffice to run.  Most of the time system
performance is OK.
However, I have 30 to 40 custom built database analysis programs that run
twice daily.  When these programs are running the system performs very slow.
In order to help with performance the databases analysis programs are run
with nice -19, but this only marginally improves performance.
In testing I've found that running OpenOffice with nice --20 really helps,
but I have to use sudo nice --20 so that the OpenOffice user has privildges
to the nice command.  Using sudo makes OpenOffice run as user ROOT not the
original user, which makes tracking who's using OpenOffice and who created
which documents very very difficult.

How can I run OpenOffice with nice --20 but as the original user not ROOT ??

Also I've changed the min-timeslice & max-timeslice kernel parameters to
1000 & 30000 as recommended by Suse for interactive use.  Any comment on
these settings for other kernel/system parameters that might help improve
system performance.

Regards
MARK

-----Original Message-----
From: Dave Nebinger [mailto:dnebinger at joat.com] 
Sent: 11 September 2005 23:53
To: For people using KDE on Linux with related questions/problems
Subject: Re: [kde-linux] nice

> If the user types
>             nice -20 command
> an error is reported about lack of privileges.

This is a specific security measure that is in place to ensure the stability

of your box.  Linux and unix in general will not support allowing users to 
lower the priority of tasks.

Consider, for a moment, if this was possible and I'm a user on your system. 
I can quite easily write a program that would consume CPU (i.e. calculating 
pi to thousands of digits, running a crack program to decode passwords from 
/etc/passwd, etc.).  At the default levels it will wreak havoc on the box, 
but if I have the ability to run the command at real time level (-20), I 
would lock the box up entirely until the process finishes (if I even coded 
it to finish).

Your only option at this point, because you most likely would not be able to

get a new root login or really do anything interactively, would be to cycle 
the box.

You're looking at a special case in which you probably want a limited set of

users to issue a limited set of commands at real time level; to that end the

sudo command is appropriate, although I suspect that anyone that knew what 
they were doing could still take advantage of the realtime level and grind 
your box to a halt.

As an administrator I'd need to know what command you want the users to run 
at realtime level and why it cannot be run at normal levels; we'd have to 
thoroughly explore all of the alternatives before I would allow such a thing

on my boxen.

___________________________________________________
This message is from the kde-linux mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde-linux.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.




More information about the kde-linux mailing list