David Curry said: >> The other assumption >> is that the person who adds logins and and gives out passwords to others >> knows more about whether their access to certain resources should be >> limited or if they can be trusted to use the full power of the box. >> >> >> > This argument overlooks the specifc kind of concern that prompted the > thread originating author to pose his question. Namely, vulnerability of > the system to fork bombing if it is hacked. If a system is hacked, a fork bomb is the least of your worries. Really. Given the choice between a DOS (which will get noticed) or a smart bad guy that is going to just quietly monitor everything and control your machine without being noticed, I would pick the DOS. As Dave Jones pointed out (very early in this thread) it is next to impossible to pick arbitrary values that will work in all situations. You will either guess too high or too low. To use your car analogy, would you expect to buy a car and have it's speed limited to 35 MPH, because that is the speed limit on the street you bought it? -- William Hooper