|
Grex > Coop11 > #51: Enabling CGI scripts for Grex users | |
|
| Author |
Message |
| 19 new of 59 responses total. |
remmers
|
|
response 41 of 59:
| 
Apr 4 12:35 UTC 1999 |
You're pretty much correct about what an orphan is. But your assumption
about closed connections is wrong. Under Unix, you can arrange to run a
process "nohup" -- i.e. to ignore that the connection has closed. Then
the process continues to run even after its controlling terminal has
gone away. That behavior is what makes unattended bots possible. Grex
has been running a "kill-orphans" task for a number of years now to
catch such things. Presumably, it would continue to catch them if
they're running as CGI's.
|
prp
|
|
response 42 of 59:
|
Apr 4 15:58 UTC 1999 |
I remember some system from way back when, where when a connection was
lost, the task was suspended for 30 minutes. If the owner logged in
within that time, it was possible to reconnect with the old task, rather
than starting a new one. That could be nice for Grex, given all the
trouble I have with dropped connections.
Barring that, it seems like the easy way would be to kill the orphans
when the connection is lost, rather than having a kill orphans script.
But then I don't have to program it.
|
drew
|
|
response 43 of 59:
|
Apr 4 20:25 UTC 1999 |
That, I think, was the computer at Wastern Michigan university. The command
was "attach" instead of login; it prompted for a password, then you could pick
up where you left off.
|
davel
|
|
response 44 of 59:
|
Apr 4 22:32 UTC 1999 |
nohup (and the various underlying system features that make it possible) are
pretty basic to the operating system. To try to disable them so that orphans
are always killed right away might be pretty hard ... and I'm not sure it
would be desirable anyway.
|
prp
|
|
response 45 of 59:
|
Apr 5 02:14 UTC 1999 |
After thinking about this, I'm more confused. Are you telling me that
on a standard Unix system, when someone hangs up the phone rather than
logging out, the task just stays around until someone kills it by hand?
That cann't be right.
If I remember right, Grex has a fifteen minute timer which automatically
logs people off when there has been no input. How does that work?
|
remmers
|
|
response 46 of 59:
|
Apr 5 09:40 UTC 1999 |
When you start up a background task on a Unix platform, you can arrange
for it to be immune to hangup signals. Or the task can make that
arrangement itself. In either case, the task will continue to run after
the user logs out normally or hangs up the phone. This is a standard
Unix feature; it would be described in almost any book on Unix
programming. For starters, you can read "!man nohup" on Grex to find out
how a user can run a task that is immune from hangups.
|
prp
|
|
response 47 of 59:
|
Apr 5 16:45 UTC 1999 |
Or basically, submit a batch job with no limits, real-time or cpu-time.
It seems that if you are going to allow CGI scripts, you'll have to
restrict them to a few system supplied and trusted ones, impose some
limits, or put up with user generated infinite loops and such.
Given there are no restrictions on nohup, why should CGI scripts be
any worse?
|
ryan
|
|
response 48 of 59:
|
Apr 5 17:02 UTC 1999 |
This response has been erased.
|
remmers
|
|
response 49 of 59:
|
Apr 5 17:08 UTC 1999 |
We do have a restriction on nohup: The kill-orphans program limits the
amount of time that no-hupped programs can run. (Except for certain
exempt system jobs that need to always be running.)
One fundamental difference between CGI's and other kinds of programs: A
normal program stored on Grex can be run only by someone who is logged
into Grex. A CGI script stored on Grex can be run by anyone on the
internet with a web browser, whether or not they have an account on Grex.
|
remmers
|
|
response 50 of 59:
|
Apr 5 17:08 UTC 1999 |
(ryan slipped in with response #48)
|
pfv
|
|
response 51 of 59:
|
Apr 5 17:20 UTC 1999 |
Actually, as I recall - there is some oddball-superweird method
of convincing httpd that a page/cgi or whatever is "password
protected", too - ala' Backtalk..
A brief discrip of that method would prolly be applicable here,
but I sure can't remember what I read, where and how.
|
prp
|
|
response 52 of 59:
|
Apr 5 17:30 UTC 1999 |
Whether or not they have an account on Grex seems quite irrelevant.
Anybody can get an account, and with out ANY identification, or at
least any non-fictional identification.
|
pfv
|
|
response 53 of 59:
|
Apr 5 17:37 UTC 1999 |
And, your point was?
|
remmers
|
|
response 54 of 59:
|
Apr 5 21:12 UTC 1999 |
Yes, you can password-protect webpages and CGI's. I won't attempt
to describe the method here.
Not sure I see the point in #52 either. My point was: If somebody
puts up a web page on Grex, and that web page has a CGI on it, and
the web page and CGI become really popular, such that 20,000 users
visit it every week, that could add up to a fair chunk of Grex's
CPU usage. At least with regular programs, the necessity to log in
to Grex first before running them puts some kind of control on how
much the programs get run. No such control exists with CGI programs.
I'm not saying we shouldn't allow user CGI's, or that the above
worst-case scenario is necessarily going to happen, but it's
conceivable that user CGI's could sustantially increase the load
on Grex.
|
ryan
|
|
response 55 of 59:
|
Apr 5 23:52 UTC 1999 |
This response has been erased.
|
prp
|
|
response 56 of 59:
|
Apr 6 03:47 UTC 1999 |
From 51: a normal program can be run only by someone who is logged in,
a CGI script can be run by anyone on the Internet.
Point of 52: A normal program can be run by anyone on the Internet.
The big difference is that a CGI script makes it easier, at least if it
is a good one. This may cause some system load, but that's good as long
as it doesn't cause too much load. I imagine that anyone who created a
page that got 20,000 hits/week would be very happy. And that's less than
two/minute.
|
arthurp
|
|
response 57 of 59:
|
Apr 6 13:56 UTC 1999 |
From 51: a normal program can be run by someone logged in,
a CGI can be run by anyone on the internet.
Point of 52: A normal program can be run by anyone on the internet if
and only if they have successfully contended for one of the 70 or so
login connections available on Grex.
Programs are throttled by limits on Grex. CGI's are not throttled. I
once made a webpage here that completely swamped Grex and it had no
CGIs. It received a couple hundred hits.
Say it would be really handy if I had a multi search engine whose
expression parsing and results display I could control. I'll make a
multi search engine in my home. I"ll only use it myself and tell a
couple friends. It won't use much of Grex's CPU. It won't swamp the
like or raise the load so high mail never gets delivered. I promise.
|
devnull
|
|
response 58 of 59:
|
Apr 11 04:36 UTC 1999 |
Enabling cgi scripts would be reasonable, if appropriate resource limiting
is done.
Basically, I suspect that with a sane limit on the number of hits per owning
account per day, and some sort of cpu time limit for processing each of those
hits (not elapsed time; time spent actually doing something on a CPU), you
probably would end up offering a useful service without it swamping the
machine.
(And I'm thinking 100 hits per day per user, and 10 seconds per process,
might be the right amount.)
On a 4 processor system, that means a user could use .289% of grex's cpu
time through CGI abuse.
Now, in practice, the problem we run into is taht the staff will have to
spend time setting this up, and dealing with the fact that every now and
then, people *will* write cgi code that causes problems. I think this
can be done, if staff time is available, and I doubt that it really is.
|
mdw
|
|
response 59 of 59:
|
Apr 13 05:52 UTC 1999 |
One of the things I don't like thinking about is a forkbomb cgi.
|