From: Wiktor <victorjan@poczta.onet.pl>
To: 7eggert@gmx.de
Cc: linux-kernel@vger.kernel.org
Subject: Re: [RFD] 'nice' attribute for executable files
Date: Wed, 30 Mar 2005 18:07:05 +0200 [thread overview]
Message-ID: <424ACEA9.6070401@poczta.onet.pl> (raw)
In-Reply-To: <E1DGNaV-0005LG-9m@be1.7eggert.dyndns.org>
Bodo Eggert wrote:
> Wiktor <victorjan@poczta.onet.pl> wrote:
>>so i thought that it would be nice to add an attribute to file
>>(changable only for root) that would modify nice value of process when
>>it starts. if there is one byte free in ext2/3 file metadata, maybe it
>>could be used for that? i think that it woundn't be more dangerous than
>>setuid bit.
>
> I guess there should be a maximum renice value ulimit instead, which would
> allow running allmost any user task on a higher nice level, except the
> important stuff, with the additional benefit of being able to temporarily
> renice some tasks until the more important work is done.
>
> I remember something similar being discussed for realtime tasks, but I don't
> remember the outcome.
my xmms problem is unimportant here, i've posted this thread to propose
some new feature in filesystem, not to solve problem with multimedia player!
max renice ulimit is quite good idea, but it allows to change nice of
*any* process user has permissions to. it could be implemented also, but
the idea of 'nice' file attribute is to allow *only* some process be
run with lower nice. what's more, that nice would be *always* the same
(at process startup)!
example:
web server runs as user www. it spawns perl interpreter that root wants
to be run with lower nice, but he doesn't want to allow 'www' user to
renice *any* process (for eg. this user is shared with webmaster, and
webmaster is malicious person; i know, the webmaster could have another
accout, but maybe for some file-ownership reasons, root doesn't want to
create special account for him).
in this situation, setting nice-attribute for /usr/bin/perl solves the
problem. remember, that this feature would also provide an easy way to
increase nice level. it can be done with shell script, but setting nice
value in file attributes is cleaner and easier to manage.
could it be implemented in some near future? thx for replies.
--
wixor
May the Source be with you.
next prev parent reply other threads:[~2005-03-30 16:04 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.ed33rit.1e148rh@ifi.uio.no>
2005-03-29 20:45 ` [RFD] 'nice' attribute for executable files Bodo Eggert
2005-03-30 16:07 ` Wiktor [this message]
2005-03-30 16:55 ` Måns Rullgård
2005-03-30 17:27 ` Wiktor
2005-03-30 19:03 ` Måns Rullgård
2005-03-30 20:16 ` Wiktor
2005-03-30 20:43 ` Måns Rullgård
2005-04-01 15:26 ` Wiktor
2005-04-01 16:07 ` Måns Rullgård
2005-03-31 5:46 ` Jan Engelhardt
2005-03-31 15:56 ` Horst von Brand
2005-03-31 16:05 ` Måns Rullgård
2005-04-01 15:40 ` Wiktor
2005-04-01 16:12 ` Måns Rullgård
2005-04-01 17:27 ` Horst von Brand
2005-03-30 19:40 ` Bodo Eggert
2005-03-30 21:03 ` Lee Revell
2005-03-29 19:55 Wiktor
2005-03-29 21:02 ` Lee Revell
2005-03-30 19:55 ` Bill Davidsen
2005-03-31 5:51 ` Matt Mackall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=424ACEA9.6070401@poczta.onet.pl \
--to=victorjan@poczta.onet.pl \
--cc=7eggert@gmx.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox