Projects provide a way to enforce limits on resource use for different users
and groups. They can be used to restrict the number of files a process can open,it's maximum file size, CPU use, memory allocation and more.
Every process and user belongs to one or more projects. A user's initial projectis determined at login time, and will either be default or the project
set in the User Attributes section of this module. Users can switch to
different projects using the newtask command.
Each project has a list of users and groups that are allowed to access it, for
example by switching to it with the newtask command. Just because a
user is a member of a project does not necessarily mean he will automatically
belong to it at login time though - this must be set in the User
Attributes section.
The most important attributes of a project are the resource limits that apply
to its member users. Each has the following attributes :
- Resource
- The resource that it controls, such as process.max-file-descriptor for the maximum creatable file size, or process.max-cpu-time for the amount of CPU time that a process can consume.
- Resource type
- Determines who can modify this resource limit, and is almost always set to Privileged. This attribute is optional - if <None> is selected, the system global limit for the resource will apply instead. The meanings of the other options are:
- Privileged - Can be modified only by privileged (superuser) callers.
- System - Fixed for the duration of the operating system instance.
- Basic - Can be modified by the owner of the calling process.
- Upper limit
- The upper limit on usage that a process is allowed to consume before the action is triggered. This is entered in bytes, seconds or number of threads, depending on the resource type.
- Action when exceeded
- Determines what happens to a process that exceeds the limit. Typically this is set to Deny, which simply causes the system call that attempted to exceed the limit to fail. However, the options to send a signal to the offending process may also be usedful.