How to limit processes or memory usage per user based on time and memory in CPanel using CSF

I recently ran into a memory overrun issue on one of my “dedicated” CPanel servers, given they are deployed to host only a handful of company sites specific to one user I usually don’t deploy memory/process limiting as you would in a shared CPanel environment. With the server non responsive and multiple memory overrun and process not responding emails from the box I had to do something to prevent this one user/website taking down the entire box. So here it is, how to limit processes or memory usage on a CPanel server based on time or total memory consumption per user account

This is based on CSF (Config Server Firewall) which comes highly recommended by myself and will be included in my CPanel install How-to doco’s that I’ll be releasing when I get time to finish them! :).

  1. Head to CSF Firewall Configuration and find the options starting from PT_USERPROC. see images below.

  2. Change the settings in the below fields to your desired levels, take a moment to read the descriptions as the ones I have recommended here might not be viable for your setup.
  3. PT_USERPROC = 20
    PT_USERMEM = 300
    PT_USERTIME = 900
    PT_USERKILL = 1
    PT_USERKILL_ALERT = 1

    Basically this is saying that any process under a specific user runnning for more than 900 seconds will trigger the user process kill and stop all processes under that user. It will also separately trigger the process kill for ALL processes under the specific user should that users TOTAL memory usage be over 300MB. The PT_USERKILL value sets where the process’s are killed or not, and the PT_USERKILL_ALERT value says whether you are emailed an informational alert stating what was done and why. This is valuable information and should always be on! Information is king!

Hope this helped some of you with process/memory issues on your servers. And again, take time to understand what each function does, CSF is a powerful tool! Questions in the comments! Cheers :)


Share

Tags: , , , , , , , , ,

2 Responses to “How to limit processes or memory usage per user based on time and memory in CPanel using CSF”

  1. Rama June 3, 2015 at 2:05 am #

    This can brick your server! It will also kill legitimate processes, such as kernel updates, cPanel updates, OS updates, and so on. If your system is in mid update of OS related, and process get’s killed, it’s likely your system dies, and someone local has to effect repairs.

    • Rama June 3, 2015 at 2:09 am #

      I should add, the same goes if you’re recompiling; Apache/PHP, upgrading MariaDB (or MySQL) for example (to update). Recompiling Apache/PHP uses a lot more resources than normal, thus if you set PT_USERKILL = 1 you’ll pooch Apache and have a broken system.

Leave a Reply