Hi Gurus,
Richard L Jackson Jr has clarified me that the autonice feature in the kernel
only affects user processes and therefore is safe for my purposes. Any way,
if someone would choose different policies for several groups of users then
"and" would be necessary.
Cheers,
Oyanarte
===============================
> Thanks to Tom Webster and Patrick Schemitz. Tom has suggested two possible
> solutions:
>
> 1) Change ssh configuration file
>
> In particular, change the "UseLogin" option to "yes". This should enforce
> ssh to use login(1) as part of the login process and follow C2 restrictions.
>
> I have done this is the ssh1 configuration file but it did not work (ssh2
> has not such a option). Tom recommended OpenSSH but since we have plain
> ssh1 and ssh2 installed we did not try OpenSSH.
>
> 2) Use dxkerneltuner(8X) to activate autonice in the kernel.
>
> We have not tried this because we do not know if this would affect also
> system daemons.
>
> Patrick, being the author of AND (auto nice daemon), called our attention to
> it; see http://and.sourceforge.net/. AND works for several operating systems
> including Tru64 Unix 4.0x and problably works also for 5.0x. Looks like being
> simple to install and configure and it is just what we are looking for. However
> we are taking by now a simpler solution: just renice to 20 the sshd daemons
> after any reboot; all ssh connections will have then nice number 20 as well as
> all starting shell processes by that user.
>
> As a final note, I have found a reference to "autonice", that has the same
> purpose of "and". It is in ftp.ba.cnr.it/pub/users/massimo/autonice-0.6 .
Received on Fri Mar 09 2001 - 18:58:40 NZDT