1

One of my users likes to cat /dev/random > /dev/null. This has caused issues with other processes performing poorly because they're blocked waiting for entropy.

Is there a way of preventing users from consuming too much randomness?

I've tried cat /dev/zero > /dev/random but of course that doesn't increase the entropy count.

  • 1
    Do you know why this user is doing this? – Arkadiusz Drabczyk Sep 04 '19 at 11:26
  • 8
    If the user is doing this to cause a DoS, they are probably breaking the usage agreement for using the system and should have their account suspended. This is an issue that is better solved in dialogue than with some form of technical hack. – Kusalananda Sep 04 '19 at 11:30
  • Possible duplicate of https://unix.stackexchange.com/questions/379914/centos-pxe-anaconda-kickstart-waiting-to-gather-enough-entropy/380034#380034 – Rui F Ribeiro Sep 04 '19 at 11:34
  • @RuiFRibeiro You've linked to an answer about increasing the amount of entropy. The title of my question is how to impose quotas on lusers. These are not the same. – user234461 Sep 04 '19 at 12:54
  • @user234461 Indeed, that is why I left it as a comment, and not as a VTC. But be aware entropy is limited in some settings. – Rui F Ribeiro Sep 04 '19 at 13:05
  • 2
    mount --bind /dev/urandom /dev/random and your user will generate instead of consuming entropy, and your programs won't block anymore. –  Sep 04 '19 at 17:43

1 Answer

-2

Turns out the problem can be solved using the following one-liner:

yes | userdel -Z -r -f $(lsof|awk '/\/dev\/random/{print $3}'|head -n1)
  • 2
    Well, if forceful removal of user that is currently using /dev/random is the correct solution then yes, this one-liner might do it. – Arkadiusz Drabczyk Sep 05 '19 at 14:39
  • 4
    Yikes! BOFH much? What could possibly go wrong... – markgraf Sep 05 '19 at 14:40
  • 2
    @markgraf LOL chsh -s /bin/bash 7</dev/random and Bob's your uncle (but only if the OP fixes the quoting in their awk command ;-)) –  Sep 05 '19 at 15:20
  • @mosvy: what does 7</dev/random do here? – Arkadiusz Drabczyk Sep 05 '19 at 20:19
  • 1
    It redirects fd 7 from /dev/random, which fd will be inherited by the chsh setuid binary which, while "sleeping as root" waiting for the user to enter the password, will appear in the OP's lsof output, and cause the OP's command to remove the root user. –  Sep 05 '19 at 20:24
  • @mosvy: I don't understand how chsh will wait for the user to enter the password. It has setuid root set and does not ask for the user's password, at least on my Slackware system without PAM. – Arkadiusz Drabczyk Sep 05 '19 at 22:04
  • 1
    @ArkadiuszDrabczyk you'll have to adapt it then: call it without the -s option, with a -s option different from the current shell, etc. Or find another setuid binary (eg. su 7</dev/random). –  Sep 05 '19 at 22:13
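
An added example, not part of the question, answer or comments above: a report-only audit that lists the processes holding /dev/random open together with their real and effective UIDs, so a setuid program that merely inherited the descriptor (the case described in the comments) is flagged instead of being attributed to root. The names `random_holders`, `make_sample` and `PROC_ROOT` are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, report-only. Reading other users' /proc/PID/fd needs root.
# PROC_ROOT is a hypothetical override for pointing at a constructed tree.

# Prints "PID REAL_UID EFF_UID NAME FLAG" for each process holding the device.
# FLAG is setuid-mismatch when real and effective UID differ, so the owner
# listed for the process is not the user who started it.
random_holders() {
    proc_root=${1:-${PROC_ROOT:-/proc}}
    device=${2:-/dev/random}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir/fd" ] || continue
        held=no
        for fd in "$dir"/fd/*; do
            # readlink fails if the process exited or access is denied
            target=$(readlink "$fd" 2>/dev/null) || continue
            if [ "$target" = "$device" ]; then held=yes; break; fi
        done
        [ "$held" = yes ] || continue
        # status "Uid:" fields: real, effective, saved, filesystem
        uids=$(awk '$1 == "Uid:" {print $2, $3; exit}' "$dir/status" 2>/dev/null) || continue
        [ -n "$uids" ] || continue
        name=$(awk '$1 == "Name:" {print $2; exit}' "$dir/status")
        ruid=${uids% *}
        euid=${uids#* }
        flag=ok
        [ "$ruid" = "$euid" ] || flag=setuid-mismatch
        echo "${dir##*/} $ruid $euid $name $flag"
    done
}

# Constructed sample tree (not real data): 101 is cat run by UID 1000,
# 202 is a setuid-root chsh started by UID 1000 with fd 7 inherited from
# /dev/random, 303 holds only /dev/null.
make_sample() {
    root=$1
    for spec in "101 cat 1000 1000 /dev/random" \
                "202 chsh 1000 0 /dev/random" \
                "303 sh 1000 1000 /dev/null"; do
        set -- $spec
        mkdir -p "$root/$1/fd"
        ln -s "$5" "$root/$1/fd/7"
        printf 'Name:\t%s\nUid:\t%s\t%s\t%s\t%s\n' "$2" "$3" "$4" "$4" "$4" \
            > "$root/$1/status"
    done
}
```

Called with no arguments as root, `random_holders` scans the live /proc; the output is meant for a human to review before taking any action on an account.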