mark at mms-uk.com
Mon Sep 12 06:09:13 UTC 2005
Thanks for the reply.
I appreciate all your security comments, but they don't apply in my
No user has interactive access to run any commands let alone the nice
The exact situation is so..
Most average users just access OpenOffice on a daily basis via dedicated
usernames that only allow OpenOffice to run. Most of the time system
performance is OK.
However, I have 30 to 40 custom built database analysis programs that run
twice daily. When these programs are running the system performs very slow.
In order to help with performance the databases analysis programs are run
with nice -19, but this only marginally improves performance.
In testing I've found that running OpenOffice with nice --20 really helps,
but I have to use sudo nice --20 so that the OpenOffice user has privildges
to the nice command. Using sudo makes OpenOffice run as user ROOT not the
original user, which makes tracking who's using OpenOffice and who created
which documents very very difficult.
How can I run OpenOffice with nice --20 but as the original user not ROOT ??
Also I've changed the min-timeslice & max-timeslice kernel parameters to
1000 & 30000 as recommended by Suse for interactive use. Any comment on
these settings for other kernel/system parameters that might help improve
From: Dave Nebinger [mailto:dnebinger at joat.com]
Sent: 11 September 2005 23:53
To: For people using KDE on Linux with related questions/problems
Subject: Re: [kde-linux] nice
> If the user types
> nice -20 command
> an error is reported about lack of privileges.
This is a specific security measure that is in place to ensure the stability
of your box. Linux and unix in general will not support allowing users to
lower the priority of tasks.
Consider, for a moment, if this was possible and I'm a user on your system.
I can quite easily write a program that would consume CPU (i.e. calculating
pi to thousands of digits, running a crack program to decode passwords from
/etc/passwd, etc.). At the default levels it will wreak havoc on the box,
but if I have the ability to run the command at real time level (-20), I
would lock the box up entirely until the process finishes (if I even coded
it to finish).
Your only option at this point, because you most likely would not be able to
get a new root login or really do anything interactively, would be to cycle
You're looking at a special case in which you probably want a limited set of
users to issue a limited set of commands at real time level; to that end the
sudo command is appropriate, although I suspect that anyone that knew what
they were doing could still take advantage of the realtime level and grind
your box to a halt.
As an administrator I'd need to know what command you want the users to run
at realtime level and why it cannot be run at normal levels; we'd have to
thoroughly explore all of the alternatives before I would allow such a thing
on my boxen.
This message is from the kde-linux mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde-linux.
More info: http://www.kde.org/faq.html.
More information about the kde-linux