On Tue, May 18, 2021 at 08:33:37AM +0000, Gestió Servidors wrote: > I want to limit CPUQuota and Memory using "Cgroups". After reading > some documents, it seems I need to modify "user.slice" systemd file > adding "CPUQuota=25%" (for example) but, after it, if I run a > "stress" with other user (not "root"), stress process takes 100% > CPU. I have noticed that rebooting system non-root user has % CPU > limited... but also root... so is it possible to configure that > limits to all users but non root? Make sure you also turn on CPUAccounting=true. Unfortunately, if you put any CPUQuota settings in user.slice, it will apply it as a group to all users (including root). So, every logged in user, in total, will not be able to use more than 25%, not per-user. (so, if two users start stressing the CPU, they'll each only be able to get around 12.5% each) CentOS 7 doesn't have a mechanism to set per-user CPU quota, that functionality wasn't introduced into a later version of systemd (it does work in CentOS 8, use user-.slice which is a "template" for user-1000.slice, user-1001.slice, user-9999999.slice, etc.) You can always set the resource control settings per-user by specifically writing a user-1000.slice, user-1001.slice, etc. What I did was write a systemd service that subscribed to the dbus messages for logins and activated the CPUQuota as the user logged in using systemctl --runtime. I had tens of thousands of users logging in via Active Directory, which changed constantly, so I couldn't hard-code anything. I suggest using the 'systemd-cgtop' command to look at what unit is using resources, it is helpful for debugging. -- Jonathan Billings <billings at negate.org>