Limit RAM and CPU for User

fbmy · December 28, 2020, 8:02am

Hello, sometimes some users can cause excessive RAM and CPU load.
How about setting to limit RAM and CPU like Cgroups function?

Thank You

nboy · December 29, 2020, 5:05pm

Interesting feature. None of the current free/paid control panels come with this(except apiscp). If implemented will be a unique feature of an open source control panel.

Raphael · December 29, 2020, 5:10pm

cPanel has it ;).

We will look into it, but it isnt our highest priority.

nboy · December 29, 2020, 5:39pm

Could you please link me on cpanel cgroups(are you referring to cloudlinux?).

Btw, centos-webpanel seems to be another one supporting cgroups.

Raphael · December 29, 2020, 6:07pm

I just noticed it on some posts about cpanel, as far as I saw, it seems to be a cloudlinux only feature. I konw that there were some cgroups integrations in vesta forum, Probaly this could be a resource for some testing.

fbmy · December 29, 2020, 7:28pm

great!
If HestiaCP has this feature I think everyone will like it even though it will be a commercial plugin just like it is on Vesta

Maxinebob · July 13, 2021, 12:33am

It would be interesting the security feature called: CageFS.
It protects the server and isolates each user’s directory.

Boka003 · January 3, 2022, 11:47am

Hi,

Even if there is option to set this via console (without graphics interface) it will help a loot for server optimization

Amadex · January 3, 2022, 5:09pm

You mean cgroup?

jlguerrero · January 3, 2022, 8:56pm

I have read the full article and there are some interesting uses for that.

You can set a share for processes so there is always CPU time for the critical processes.

You can set a CPU limit. I would definitely limit a process CPU that excedes 100% of all CPU times.

So I avoid situations in which a hacker is exploiting an xmlrpc.php in a wordpress and the server is at a 27 load average with only 4 cores.

eris · January 3, 2022, 9:05pm

This doesn’t limit a user only certain process. As php-fpm preforms best with multiple process it is not something what you want to limit to.

Final solution would be fully implementing Cgroups but currently there are about 30 open issues that have an higher priority. And as long as Hestia doesn’t pay any bills I don’t think it will implemented soon…

Steveorevo · January 21, 2023, 5:13pm

cgroups sounds like the ideal way (not possible in Docker; but that’s another story).

While NOT ideal, this could be implemented outside of Hestia, as a “brute force” hack:

Have a separate process that simply checks all users processes and employs cpulimit if they are using a predefined amount of CPU for a predefined maximum duration. For instance; running (as root):

ps axo pid,user:32,%cpu,%mem,cmd

Reveals the process id, username, and their resource usage. Tracking this and employing cpulimit could be done. Would anyone be interested in such a running script in the background?