On 21 Mar 2005, at 17:44, Scot L. Harris wrote:
Linux does not protect user space processes from each other.
That statement is incorrect. Linux and Unix in general have done a
better job of this than Windows ever did. I think what you mean is that
without setting appropriate ulimits there is nothing to keep a user
process from using all available resources on a system. This in turn
can impact other users since they may not be able to get resources from
the system as needed and ultimately it can impact the entire system if
the kernel is unable to get resources as well.
Well, Linux isn't perfect when isolating processes from each other. Allowing a process to deny another one access to local resources could be seen as an attack on the integrity or isolation.
As Linux becomes more mainstream the assumption has to be that users won't have the expertise to tune a system. As such reasonable defaults and limits should be put in place to protect the user and the system. Those that have requirements that exceed these limits should be in the 10% range if the defaults and limits are well selected.
I think it's a good idea. But I can see all those Joe-Users flooding the mailing lists with messages like "When trying to run X I receive error Y: resources exhausted."
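An added example, not part of the original thread: a parent process imposing an address-space ulimit (RLIMIT_AS) on a child, so an oversized allocation is refused inside that one process rather than draining memory other users need. It assumes Linux; `run_capped`, `CHILD`, and the sizes are names and values chosen for this illustration.

```python
import resource
import subprocess
import sys

GIB = 1024 ** 3
MIB = 1024 ** 2
EXIT_DENIED = 42  # constructed exit code: child hit its limit

# Child program: try to allocate argv[1] bytes, report refusal via exit code.
CHILD = (
    "import sys\n"
    "try:\n"
    "    buf = bytearray(int(sys.argv[1]))\n"
    "except MemoryError:\n"
    "    sys.exit(%d)\n" % EXIT_DENIED
)


def run_capped(alloc_bytes, cap_bytes):
    """Run the child under an RLIMIT_AS cap; return 'ok', 'denied' or 'error:N'."""

    def apply_limit():
        # Runs in the child between fork and exec. Lowering the hard limit
        # too means the child cannot raise the cap again on its own.
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = cap_bytes if hard == resource.RLIM_INFINITY else min(cap_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, cap))

    proc = subprocess.run(
        [sys.executable, "-I", "-S", "-c", CHILD, str(alloc_bytes)],
        preexec_fn=apply_limit,
    )
    if proc.returncode == 0:
        return "ok"
    if proc.returncode == EXIT_DENIED:
        return "denied"
    return "error:%d" % proc.returncode


if __name__ == "__main__":
    # A modest request fits under the cap; a request above the cap is refused
    # by the kernel and surfaces in the child as MemoryError.
    print("16 MiB under 1 GiB cap:", run_capped(16 * MIB, 1 * GIB))
    print("2 GiB under 1 GiB cap: ", run_capped(2 * GIB, 1 * GIB))
```

The refusal is confined to the capped process; the parent and every other process on the system keep running with their own limits.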