Question Request to Configure CPU, RAM, Process, and Background Process Restrictions

[Thomas Oryon]

Server operating system version

Rhel 9

Plesk version and microupdate number

18.0.78

Hello Support Team,

We would like to check whether the following CPU, RAM, and process restrictions can be configured and enforced on our Plesk Linux hosting server:

1. Creation of core dumps should be prohibited.
2. Simultaneous processes should not exceed 5 per account.
3. Execution of scripts or binaries that result in a fork bomb should be prohibited.
4. Running background processes, bots, services, or daemons should not be allowed.

Please confirm whether these restrictions can be applied per customer/subscription in Plesk.

If Plesk does not support these controls directly, kindly advise the recommended solution to enforce these limits. We would like to know whether this can be achieved using systemd/cgroups, custom scripts, OS-level limits, CloudLinux, or any other supported method.

Also, please advise whether accounts can be automatically suspended or restricted if they exceed the configured CPU, RAM, or process limits.

Awaiting your advice.

 

[TalkBuildHost]

On Plesk Obsidian for Linux (RHEL 9), the recommended way to enforce these types of restrictions is through CloudLinux LVE (if installed) or through a combination of systemd/PAM limits, PHP-FPM settings, and Plesk subscription configuration.


Here's how each requirement can be handled:

Requirement	Possible?	Recommended Method
Prohibit core dumps	Yes	Disable core dumps via PAM/systemd limits
Max 5 simultaneous processes	Yes	CloudLinux NPROC limit or PAM limits
Prevent fork bombs	Yes	Process limits (NPROC) and CloudLinux LVE
Disallow background processes/daemons	Partially	Process limits + jailed environment + monitoring

1. Prohibit Creation of Core Dumps​

Configure system limits:

/etc/security/limits.conf

* hard core 0
* soft core 0

Also disable at the kernel level:

echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf
sysctl -p

Verify:

ulimit -c

Should return:

0

This prevents users from generating core dump files.

2. Limit Simultaneous Processes to 5 per Account​

If Using CloudLinux (Recommended)​

Set:

NPROC = 5

for the package or individual account.

This limits the total number of processes a hosting account can run simultaneously.

Without CloudLinux​

Use PAM limits:

username hard nproc 5
username soft nproc 5

or per-group limits.

However, CloudLinux is significantly better for shared hosting because limits are enforced consistently across Apache, PHP-FPM, CGI, cron jobs, and shell sessions.

3. Prevent Fork Bombs​

Fork bombs rely on creating large numbers of child processes.

The standard protection is:

NPROC limit

Example:

NPROC = 5

Once the account reaches 5 processes:

fork(): Resource temporarily unavailable

and additional processes cannot be spawned.

CloudLinux's LVE manager is specifically designed to prevent fork bombs from affecting the server.

Without CloudLinux:

ulimit -u 5

or PAM nproc limits provide similar protection.

4. Disallow Background Processes, Bots, Services, or Daemons​

This is the most difficult requirement because Linux itself cannot always distinguish between:

• a legitimate PHP process
• a cron job
• a bot
• a daemon

However, you can significantly restrict users.

Disable SSH Access​

In Plesk:

Subscriptions
→ Hosting & DNS
→ Web Hosting Access
→ Forbidden

or:

No shell access

This prevents users from launching long-running services manually.

Disable Scheduled Tasks​

In Plesk:
Tools & Settings
→ Scheduled Tasks
Restrict or disable customer cron access.

Use PHP-FPM Limits​

Configure:

pm.max_children
request_terminate_timeout
max_execution_time

Example:

request_terminate_timeout = 60

This kills long-running PHP processes.

Use CloudLinux​

CloudLinux can enforce:

• CPU limits
• RAM limits
• Process limits
• Entry process limits

Example shared-hosting profile:

CPU = 100%
Memory = 1 GB
NPROC = 5
EP = 20
IO = 5 Mb/s

This makes it extrem

ely difficult to run bots, miners, daemons, or abusive background tasks.

---

Recommended Shared Hosting Configuration​

For a typical Plesk Linux shared-hosting server:
Core Dumps: Disabled

SSH Access: Disabled
NPROC: 5
Entry Processes: 20
Cron Jobs: Restricted
CPU: 1 Core
RAM: 1 GB
PHP max_execution_time: 60 sec
PHP request_terminate_timeout: 60 sec

If you're running Plesk on RHEL 9 without CloudLinux, you can achieve most of these controls with PAM and system limits, but if you're selling shared hosting and want reliable per-account enforcement, CloudLinux with LVE Manager is the industry-standard solution and provides the cleanest way to enforce all four requirements.