Hi, I configured a CentOS 7 to limit the amount of memory any single interactive user can use by setting:
systemctl set-property user.slice MemoryLimit=60G
and excepted "root" to use a less strict limit:
systemctl set-property user-0.slice MemoryLimit=120G
Works so far, but there's a catch: Some times, "root" wants to impersonate some user to interactively start some software on behalf of that user. Yet, when root uses "su - username" to change the user, no "user-xxx.slice" is created, not even a new "session" below "user-0.slice" is created, causing the wrong MemoryLimit to be applied:
systemd-cgls └─user.slice ├─user-0.slice ... │ └─session-18.scope │ ├─17570 sshd: root@pts/1 │ ├─17572 -bash │ ├─19514 bash │ ├─19884 su - johndoe │ ├─19885 -bash │ ├─20395 ./memory_hog ...
How can I configure that processes started as a certain user honor the user.slice limit, regardless of whether the user used "ssh" to log in, or whether just "root" was using "su" to become that user? Regards, Lutz Vieweg _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
