Entry process / process limit exceeded - how to monitor within user account?
Forum
For more information on the latest vulnerability (CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091),
please refer to our blog post
  1. Forums
  2. General
  3. General Discussion
  1. Adrian
  2. Wednesday, 11 July 2018
  3.  Subscribe via email
Within a cP user account I can see the stats, which are averaged over a minute (as granular as the cP report gets), which are minimal (4-6 processes) but through ssh I'm seeing spikes in activity every five minutes for just a couple of seconds during which processes are unable to fork, I assume due to LVE limits (either EP or NPROC) being exceeded. There are no "faults" reported in cP user console.

I've confirmed that there are no cron jobs in the user crontab, there is no activity to the website from the Internet, and no dovecot sessions from mail clients etc. I must assume that there are a few processes I can't see through ps -ef related to the user account, such a mail processing, httpd, etc but these should equally be pretty idle.

Via ps -ef I only every see around half a dozen processes max. Via /proc/stat the number of processes can vary from the same half dozen up to 50+, but an ls of /proc only shows half a dozen process directories. I can only assume that ps only shows procs spawned directly under the uid, and not those that have set an effective uid. Similarly /proc has similar view. I assume /proc/stat shows the real process count of all processes with the uid.

I can accept that there will be some activity, httpd, backups etc, but these background activities are almost hitting limits; either EP or NPROC, or both, but I'm struggling to diagnose which. If I run just a few more processes from the shell, it reports an unable for fork message on the 5 minute boundaries.

So, are my assumptions about ps and /proc/stat correct? Is there a way from within a standard end user account / cagefs to obtain a true view of EP and NPROC. Is there a way see the additional processes (not shown by ps)?

I'm basically trying to figure out what the true counts are, and why the limits are being (almost) hit before any real use of the account is taking place. Any insights would be much appreciated.
Rate this post:
  1. 13.07.2018 11:07:46
  2. # 1
Vladimir Accepted Answer
Posts: 108
Joined: 04.07.2017
0
Votes
Undo
Hello,

According to ps documentation, by default, ps shall select all processes with the same effective user ID as the current user and the same controlling terminal as the invoker. So it's not clear why the amount of processes is different.
Please submit a ticket to https://cloudlinux.zendesk.com, our techs will check the issue in place.

> Is there a way from within a standard end user account / cagefs to obtain a true view of EP and NPROC.

End-users can check LVE usage statistics only via control panel interface. Unfortunately, lvetop and lveps commands are not available inside CageFS.
But system administrator can use lvetop and lveps to monitor LVE usage in real time.
  1. 13.07.2018 11:07:42
  2. # 2
Igor Ghertesco Accepted Answer
Posts: 154
Joined: 07.08.2015
0
Votes
Undo
Hello,

You can check which processes are currently inside LVE via command line like this:

# lveps -p


Just to mention, that the process inside LVE could fork, this is why NPROC limit was made - to make sure that the process won't fork too many subprocesses inside LVE.

Let me know if it does help.
  1. 16.07.2018 11:07:52
  2. # 3
Adrian Accepted Answer
Posts: 0
Joined: 26.06.2019
0
Votes
Undo
Thanks Vladimir - I'll raise a ticket. I can only assume that the /proc entry includes all processes (eg from backups) related to the UID and that these aren't reported by ps or counted by lve.

Igor - as Vladimir mentions, the lveps command is not available within cagefs.

Thanks
  1. 26.05.2019 17:05:22
  2. # 4
ios man Accepted Answer
Posts: 8
Joined: 26.05.2019
0
Votes
Undo
ia /proc/stat the number of processes can vary from the same half dozen up to 50+, but an ls of /proc only shows half a dozen process directories. I can only assume that ps only shows procs spawned directly under the uid, and not those that have set an effective uid . . .only assume that the /proc entry includes all processes (eg from backups) related to the UID
  1. 28.05.2019 17:05:09
  2. # 5
Sergey Khristich Accepted Answer
Posts: 38
Joined: 20.05.2019
0
Votes
Undo
Hello
Please let us know if you have any questions.
Thanks in advance!
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.