How to apply memory limits to all cron jobs?

Solution 1:

I'm pretty sure you cant set up limits on a service via the limits.conf but only on a user space.

Crontab executes scripts in the appointed user space defined either from /etc/crontab via username or from the users own personal crontab. So limits has to be applied on a user-space level or from inside the script it self. But it's correct you need to enable the limits under pam.d/cron as this enables cron to apply the user limits when executing the script.

I setup a little test scenario so we can check how to limit a users cronjobs.

1) Made a user called crontest

2) Added one line to limits.conf

crontest        hard    as              50000

3) Made a quick little test script to allocate memory. You can properly find source example around the Internet that is way better than mine, but it works.

#include <malloc.h>
#include <unistd.h>
#include <memory.h>
#define MB 1024 * 1024
int main() {
        int size;
        size = 0;
    while (1) {
        void *p = malloc( 10*MB );
        memset(p,0, 10*MB );
        size = 10+size;
        printf("Using %d MB\n",size);
        sleep(1);
    }
}

Save the above source code into mem.c and type the following to compile it.

gcc mem.c -o mem
cp mem /bin/mem

Now to test

As root i ran the mem test script and this is the output. As you can see i can allocate more than 50MB RAM (AddressSpace)

# mem
Using 10 MB
Using 20 MB
Using 30 MB
Using 40 MB
Using 50 MB
Using 60 MB
^C

I then changed to my new test user and tried the same.

$ mem
Using 10 MB
Using 20 MB
Using 30 MB
Using 40 MB
Segmentation fault

As you can see the system cut me off as i tried to allocate the next 10MB that would have hit 50MB (my limit).

Next i added the following to /etc/crontab

* * * * * crontest /bin/mem

Saved the crontab and waited for the cron to spawn my user-space script under crontest user. I could now see that the same things applied to my users crontab script just fine.

Output from cron.log showing the script started

Nov 22 16:52:01 server CRON[31460]: (crontest) CMD (/bin/mem)

Output from syslog showing the script dieing again..

Nov 22 16:52:05 server kernel: [624832.216083] mem[31464]: segfault at 8 ip 00007f87868f51b8 sp 00007ffce83fa058 error 6 in libc-2.24.so[7f8786871000+195000]

So as you can see the limit applies both to the user environment when logging in and to the cronjobs. So i think you need to take a look at your limits.conf file i don't think it's correct.