Disable CoreDump on Apache with suPHP


ApacheThe idea of limiting user’s vhost resource usage on Apache brings me to give the suPHP a try. suPHP makes PHP process owned by the owner it self, not “nobody” or apache user, enabling us to limit resource per vhost.

After setting up suPHP with rlimit rule per vhosts, I see that Rlimit really works. Apache kills all PHP execution that hit the Rlimit. So, basically we can have a containers that lock user’s PHP execution, thus preventing user to overload the server with buggy or highload type of PHP script.
But a new problem arised. When PHP execution killed, it generate coredump files. Coredump files are very useful to traceback any crash issues that occur during PHP execution. But I got them all over user’s directory, especially  on user’s directory that have a highload type of PHP script. The size may vary from 1MB to 40MB (on my system). They eat up users space every time a greedy resource PHP execution killed.

I have try a few tips I got on Google to stop coredump files generation :

  • set “ulimit -c 0” for users on /etc/profile
  • set “/proc/sys/fs/suid_dumpable” to 0 (by default it already zero)
  • set /etc/security/limits.conf with 0 limit for core parameter
  • set CoreDumpDirectory to specific directory (I think suPHP makes apache ignores this directive)

None of them above worked. I have asked on WHT, Centos Forum, and cPanel support – but they dont have a solution for this problem.

Finally I found a very simple solution. I see on /etc/init.d/httpd and it has ulimit setting at the top lines of the file. I add “ulimit -c 0” and wohooo!! It works!
No more coredump files – thanks to my coredumb head 😛

Advertisements

About piyecarane

Bla bla bla about me
This entry was posted in CPANEL, Hosting, Linux and tagged , , , , , . Bookmark the permalink.

8 Responses to Disable CoreDump on Apache with suPHP

  1. Mo says:

    Thanks for the info, very useful.

    Could you please explain in more details regarding this:
    “After setting up suPHP with rlimit rule per vhosts, I see that Rlimit really works. Apache kills all PHP execution that hit the Rlimit.”

    Like, how did you make the settings, in which files, what is the accepted rlimit you put there?

    thank you.

  2. piyecarane says:

    Under suPHP system, I put rlimit for each vhost for example :
    RLimitCPU 20 40
    RLimitMEM 419430400 419430400
    RLimitNPROC 20 30

    First limit is soft limit, the second one is hard limit. For RLimitCPU, you can set it start from 1.

  3. Mo says:

    if it is not too much to ask, could you please write an article on how to implement this step by step not only to disable codedumps but the whole thing. Also, how to test if our setup is working good and limits are enforced.

    I think many people would find this very helpful.

    one of our biggest issues in shared hosting is to control CPU and Memory limits per site/user.

    thanks in advance.

  4. I have a headache with this coredump files. How can edit them to see what’s wrong ???

  5. Mike says:

    Hey there,

    i tried to set this up – but the rlimitnprocs are ignored by apache.
    would you mind to give some more infos about what you actually wrote in the virtual host section?
    maybee i think wrong but its still creating way more procs than i set with rlimitnpro.

    thanks!

  6. rowan says:

    Thanks for this! I had a similar problem with suphp dumping core files all over the place

  7. nopheme says:

    Thanks piyecarane, finding a way to change the ulimits was hell.

  8. bbennett says:

    Thanks, worked great.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s