[Babase] Database RAM

Karl O. Pinc babase@www.eco.princeton.edu
Wed, 13 Oct 2004 12:36:25 -0500


Sorry, sent that last mail a little early by accident.

OT: How much RAM does a webserver really need anyhow?

Just to get vmstat out of my system....

How about putting vmstat 10 in inetd and letting me
connect to a port with telnet to stream the data
to my terminal?

...

pause

You actually considered that for a minute, didn't you?

Well, ssh is exactly the same thing, only _much_ more
secure.  Like any other daemon you make an account
and give it no shell (/bin/false or whatever).
The public key goes in this account's authorized_keys file.
Like with inetd, "command=" means the
service can only run vmstat.  Unlike inetd you can
use "from=" to ensure that the client must be
login.biology.duke.edu.  You also want
"no-port-forwarding", "no-Xll-forwarding", and "no-pty",
unless you've some or all of these things turned off globally.
(no-pty means that ^C won't exit, you have to use
the ssh escape sequence "~.".)
Only I can connect (because you've given only me the
private part of the shared key), so if somebody else
gets in I'm responsible, or it's because somebody's stolen the
key from my home directory on login.biology.duke.edu
in which case you've other problems.
If you want to give other people access, you can
make new keys for them, or be slack and give out the
same private key.

(Iostat (in the sysstat package) would be nice too.
You could use the same account and a different key.)

It's hard (to impossible) to tune without feedback.

Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein