CN111858020A - User resource limiting method, device and computer storage medium - Google Patents

User resource limiting method, device and computer storage medium Download PDF

Info

Publication number
CN111858020A
CN111858020A CN201910364782.XA CN201910364782A CN111858020A CN 111858020 A CN111858020 A CN 111858020A CN 201910364782 A CN201910364782 A CN 201910364782A CN 111858020 A CN111858020 A CN 111858020A
Authority
CN
China
Prior art keywords
control group
resource
user
target control
user identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910364782.XA
Other languages
Chinese (zh)
Other versions
CN111858020B (en
Inventor
魏明江
李维亮
刘婧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Suzhou Software Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201910364782.XA priority Critical patent/CN111858020B/en
Publication of CN111858020A publication Critical patent/CN111858020A/en
Application granted granted Critical
Publication of CN111858020B publication Critical patent/CN111858020B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The embodiment of the invention provides a method and a device for limiting user resources and a computer storage medium, wherein the method comprises the following steps: acquiring a current process and a user identifier corresponding to the current process; in this way, when whether the user identifier corresponding to the current process belongs to the user identifier carried by the configuration file corresponding to the target control group is obtained, and the user identifier belongs to the user identifier carried by the configuration file corresponding to the target control group is further determined, the current process is added into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier. Therefore, the control group corresponding to the user group to be subjected to resource limitation is established, all processes corresponding to the user identification are added into the corresponding control group, the control group is utilized to realize the limitation of the system resources used by the user or the user group, the processes of the user cannot be omitted, and the overall global limitation of the resources used by all processes under the user or the user group is realized.

Description

User resource limiting method, device and computer storage medium
Technical Field
The present invention relates to the field of computer resource restriction, and in particular, to a method and an apparatus for user resource restriction, and a computer storage medium.
Background
A multi-user operating system such as Linux allows multiple users to log in and use the system at the same time, and for this reason, it is sometimes necessary to limit system resources that can be used by a certain user or user group, so as to prevent one user from using the system resources excessively, which may result in other users not being able to use the system resources.
At present, when a multi-user operating system limits user resources, on one hand, resources cannot be limited for all tasks of a user or a user group, and on the other hand, limited resource types and strategies are few.
Disclosure of Invention
In order to solve the existing technical problem, embodiments of the present invention provide a method, an apparatus, and a storage medium for user resource restriction, which can effectively implement global restriction on system resources used by multiple specified users.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the embodiment of the invention provides a user resource limiting method, which comprises the following steps: acquiring a current process and a user identifier corresponding to the current process; and when the user identifier is determined to belong to the user identifier carried by the configuration file corresponding to the target control group, adding the current process into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier.
Before the obtaining of the current process and the user identifier corresponding to the current process, the method includes: acquiring a configuration file meeting a set format requirement, and generating a corresponding control group based on the configuration file; wherein the set format requirement comprises a user identification and a format requirement of a specified resource restriction parameter.
Wherein the resource limitation parameter comprises a resource limitation type and a resource limitation value; the generating of the corresponding control group based on the configuration file includes: and determining the resource limitation type and the resource limitation numerical value of the control group corresponding to the user identifier based on the user identifier and the resource limitation parameter carried by the configuration file.
Wherein the joining the current process to the target control group comprises: and adding the current process into the target control group, determining a resource limitation type and a resource limitation numerical value corresponding to the target control group, and performing resource limitation on the target control group by using the corresponding resource limitation numerical value based on the resource limitation type.
The resource limitation type is a central processing unit, and the resource limitation value is a first threshold value; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes: and carrying out resource limitation on a central processing unit occupied by the process contained in the target control group by using the first threshold.
The resource limitation type is a memory, and the resource limitation value is a second threshold value; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes: and carrying out resource limitation on the memory occupied by the process contained in the target control group by using the second threshold value.
Wherein the resource limitation type is a block device, and the resource limitation value is a third threshold value; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes: and limiting the resource of the block device occupied by the process contained in the target control group by the third threshold value.
The acquiring the current process and the user identifier corresponding to the current process includes: traversing all current processes, and determining a user identifier corresponding to each process; or acquiring a new process, and determining a user identifier corresponding to the new process.
The embodiment of the invention also provides a user resource limiting device, which comprises: the device comprises an acquisition module and a determination module; the acquiring module is used for acquiring a current process and a user identifier corresponding to the current process; the determining module is configured to add the current process to a target control group when it is determined that the user identifier belongs to a user identifier carried by a configuration file corresponding to the target control group, where the target control group is generated based on the configuration file carrying the specified user identifier.
The embodiment of the present invention further provides a device for limiting user resources, including: a processor and a memory for storing a computer program capable of running on the processor; when the computer program is run, the first processor is used for implementing the color matching method of any embodiment of the invention applied to the article display management equipment.
The embodiment of the invention also provides a computer storage medium, wherein a computer program is stored in the computer storage medium, and when being executed by a processor, the computer program realizes the user resource limitation method in any embodiment of the invention.
The embodiment of the invention provides a method, a device and a computer storage medium for limiting user resources, which comprises the following steps: acquiring a current process and a user identifier corresponding to the current process; in this way, when whether the user identifier corresponding to the current process belongs to the user identifier carried by the configuration file corresponding to the target control group is obtained, and the user identifier belongs to the user identifier carried by the configuration file corresponding to the target control group is further determined, the current process is added into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier. Therefore, the control group corresponding to the user group to be subjected to resource limitation is established, all processes corresponding to the user identification are added into the corresponding control group, the control group is utilized to realize the limitation of the system resources used by the user or the user group, the processes of the user cannot be omitted, and the overall global limitation of the resources used by all processes under the user or the user group is realized.
Drawings
Fig. 1 is a flowchart illustrating a method for limiting user resources according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for restricting user resources according to another embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for restricting user resources according to another embodiment of the present invention
Fig. 4 is a schematic structural diagram of a user resource restriction apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a user resource restriction apparatus according to another embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further elaborated by combining the drawings and the specific embodiments in the specification. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
As shown in fig. 1, an embodiment of the present invention provides a method for restricting user resources, where the method includes the following steps:
Step 101: acquiring a current process and a user identifier corresponding to the current process;
a process is a running activity of a program with certain independent functions with respect to a certain data set. It is a basic unit for dynamic execution of an operating system, and in the operating system, a process may be a basic allocation unit or a basic execution unit.
Here, the user identifier refers to identification information corresponding to a user who establishes a current process; the acquisition of the current process and the user identifier corresponding to the current process means that a user carries the corresponding user identifier and creates a new process based on a kernel, and the processor acquires the current process and the corresponding user identifier.
Step 102: and when the user identifier is determined to belong to the user identifier carried by the configuration file corresponding to the target control group, adding the current process into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier.
Here, the configuration file carries a user identifier corresponding to a user or a user group that needs to perform resource restriction, and the target control group generation based on the configuration file carrying the specified user identifier means that the tool command line is executed based on the configuration file carrying the specified user identifier, and then a corresponding target control group is created according to the configuration file.
Determining that the user identifier belongs to the user identifier carried by the configuration file corresponding to the target control group means that the user identifier carried in the target control group includes the user identifier, for example, the user identifier carried by the configuration file corresponding to the target control group includes a user a, a user B, and a user C, and when determining that the user identifier corresponding to the current process is the user a, that is, when determining that the user identifier carried by the configuration file corresponding to the target control group belongs to the user identifier carried by the configuration file corresponding to the target control group, adding the current process to the target control group.
According to the user resource limiting method provided by the embodiment of the invention, a current process and a user identifier corresponding to the current process are obtained; in this way, when whether the user identifier corresponding to the current process belongs to the user identifier carried by the configuration file corresponding to the target control group is obtained, and the user identifier belongs to the user identifier carried by the configuration file corresponding to the target control group is further determined, the current process is added into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier. Therefore, the control group corresponding to the user group to be subjected to resource limitation is established, all processes corresponding to the user identification are added into the corresponding control group, the control group is utilized to realize the limitation of the system resources used by the user or the user group, the processes of the user cannot be omitted, and the overall global limitation of the resources used by all processes under the user or the user group is realized.
In an embodiment, before the obtaining of the current process and the user identifier corresponding to the current process, the method includes:
acquiring a configuration file meeting a set format requirement, and generating a corresponding control group based on the configuration file; wherein the set format requirement comprises a user identification and a format requirement of a specified resource restriction parameter.
Acquiring a configuration file meeting the set format requirement, wherein the configuration file carries specified user identifications and resource limitation parameters corresponding to each user identification; or, the configuration file carries the specified user identifier and the specified resource limitation parameter.
Generating a corresponding control group based on the configuration file refers to generating a control group carrying a user identifier and a specified resource restriction parameter based on the configuration file meeting the set format requirement. The resource restriction parameter refers to a set of kinds and values of resources restricted to users or user groups within a control group generated for a profile. The configuration file generally includes the following fields: user/user group: the user identifier is the name of the user or the user group needing resource limitation; a controller: a resource restriction category; value: a resource limit value; cgroup: the corresponding control group, i.e., the control group to which the process of that user or group of users needs to join. Here, the configuration file that meets the set format requirements may contain the following contents: for the user a, the resource restriction type is the number of processes that can be created, the resource restriction value is Z for example, and the corresponding control group is U.
In the above embodiment of the present application, a configuration file meeting a set format requirement is obtained, and a corresponding control group is further generated, so that a resource used by all processes of a user or a user group included in the control group is limited based on a user identifier and a resource limitation parameter carried by the control group.
In one embodiment, the joining the current process to the target control group includes:
and adding the current process into the target control group, determining a resource limitation type and a resource limitation numerical value corresponding to the target control group, and performing resource limitation on the target control group by using the corresponding resource limitation numerical value based on the resource limitation type.
Here, the resource restriction parameter includes a resource restriction type and a resource restriction value, and specifically, the resource restriction type may include a Central Processing Unit (CPU), a memory, a block device, a device access right, a network, a number of processes that can be created, a remote direct data access, and the like; the resource limit value may be a specific resource limit value given for a certain resource limit category.
Here, the resource restriction type and the resource restriction value of the control group corresponding to the user identifier are determined based on the user identifier and the resource restriction parameter carried by the configuration file.
Adding the current process into the target control group, determining the resource limitation type and the resource limitation value corresponding to the target control group, that is, adding the current process into the corresponding target control group, and determining the resource limitation type and the resource limitation value corresponding to the target control group, further, performing resource limitation on the target control group by using the corresponding resource limitation value based on the resource limitation type, for example, if the resource limitation type CPU of the user a is 30%, limiting the CPU occupancy rate of the user a in the control group to 30%.
In the above embodiment of the present invention, the resource restriction is implemented on the target control group according to the corresponding resource restriction type and resource restriction value by adding the current process to the corresponding target control group and based on the resource restriction type and resource restriction value corresponding to the target control group, so that the resource restriction is implemented on the process of the user or user group by adding the user or user group corresponding to the current process to the corresponding control group according to the corresponding resource restriction type and resource restriction value; at the same time, the resource restrictions of the control group include substantially all the resources used by the user or group of users, and are flexible in configuration, allowing the resource restrictions of the user or group of users to be refined and easier to control.
In one embodiment, the resource limitation type is a CPU, and the resource limitation value is a first threshold; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes:
and carrying out resource limitation on the CPU occupied by the process contained in the target control group by using the first threshold value.
As can be seen with reference to the above embodiments, the resource restriction categories may include CPU, memory, block device, device access rights, network, number of processes that can be created, RDMA remote direct data Access, and the like.
Taking the resource limitation type as the CPU as an example, the first threshold may be a value of the CPU occupied by the process included in the target control group, and a general value is a percentage of the CPU occupied; for example, a control group generated based on a configuration file is a control group G, and a first threshold is set to be 50%, then the first threshold is used to perform resource limitation on the CPU occupied by the process contained in the target control group, that is, the CPU occupied by the process contained in the control group G occupies 50% at most, otherwise, the CPU is subject to resource limitation, so that the problem that the user or the user group contained in the target control group cannot use the system resource due to excessive use of the system resource by the CPU in the target control group is prevented by performing resource limitation on the first threshold.
In one embodiment, the resource limitation type is a memory, and the resource limitation value is a second threshold; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes:
and carrying out resource limitation on the memory occupied by the process contained in the target control group by using the second threshold value.
As can be seen from the above embodiments, the resource restriction categories include CPU, memory, block device, device access rights, network, number of processes that can be created, RDMA remote direct data access, and the like,
here, taking the resource restriction type as the memory as an example, here, the first threshold may be a numerical value of the memory occupied by the process included in the target control group, and is generally a byte occupying the memory; for example, a control group generated based on the configuration file is a control group H, and a set second threshold is X bytes, then the second threshold is used to perform resource limitation on the memory occupied by the process included in the target control group, that is, the memory occupied by the process included in the control group H is at most X bytes, otherwise, the memory is subject to resource limitation; therefore, by limiting the resources of the memory in the target control group by the second threshold, the problem that the users or user groups included in the target control group excessively use the system resources to cause that other users not in the control group cannot use the system resources is prevented.
In one embodiment, the resource restriction category is a block device, and the resource restriction value is a third threshold; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes:
and limiting the resource of the block device occupied by the process contained in the target control group by the third threshold value.
As can be seen with reference to the above embodiments, the resource restriction categories include CPU, memory, block device, device access rights, network, number of processes that can be created, RDMA remote direct data access, and the like.
Here, the resource restriction type is taken as an example of a block device, the block device stores information in fixed-size blocks, each block has its own address, and data of a certain length, such as a hard disk, a U disk, an SD card, and the like, can be read at any position of the device.
Here, the third threshold may be a value of a block device occupied by a process included in the target control group, and is generally a number of blocks occupying the block device; for example, a control group generated based on the configuration file is a control group I, and a second threshold is a Y block, then the third threshold is used to perform resource limitation on the block device occupied by the process included in the target control group, that is, the block device occupied by the process included in the control group I is the most Y block, otherwise, the block device is subject to resource limitation; in this way, by limiting the resource of the block device in the target control group by the third threshold, the problem that the system resource is excessively used by the user or the user group contained in the target control group, which results in the user not in the control group being unable to use the system resource is prevented.
In an embodiment, the obtaining the current process and the user identifier corresponding to the current process includes:
and traversing all current processes, and determining the user identification corresponding to each process.
Here, traversing all current processes, and determining the user identifier corresponding to each process means that all processes in the system are to be acquired, and the user identifiers corresponding to each process are respectively determined; further, determining that the user identifier belongs to the user identifier carried by the configuration file corresponding to the control group, adding the process to the corresponding control group, and realizing resource limitation on the process.
Further, referring to fig. 2, in the process of traversing all current processes and determining the user identifier corresponding to each process, the following steps are specifically included, and it should be noted that the following steps are all implemented by a file system interface of cgroup.
Step S11: acquiring a configuration file of user resource limitation;
the configuration file is a control group for generating resource restriction on users or user groups, a system administrator writes the configuration file for the users or user groups needing resource restriction, and the configuration file generally includes the following fields: user/usergroup: the user identifier is the name of the user or the user group needing resource limitation; a controller: a resource restriction category; value: a resource limit value; cgroup: the corresponding control group, i.e., the control group to which the process of that user or group of users needs to join.
And after the configuration file is created and written into the system, the system acquires the configuration file carrying the user identifier and the specified resource limitation parameter.
Step S12: an active configuration file;
the validation configuration file specifically refers to a command line of the execution tool, the validation configuration file is generated, that is, a control group carrying the user identifier and the resource restriction parameter is generated based on the configuration file, and resource restriction is performed on a process corresponding to the user or the user group, which is specifically referred to in steps S13 to S15 below.
Step S13: creating a control group according to the configuration file;
here, the automatically creating a control group according to the configuration file refers to generating a control group carrying the user identifier and the specified resource restriction parameter based on the configuration file carrying the user identifier and the specified resource restriction parameter.
Step S14: configuring resource limitation to the control group according to the resource limitation parameter;
the automatic resource limitation of the control group according to the resource limitation parameter means that the resource limitation parameter which is generated based on the configuration file and carries the user identifier and the specified resource limitation parameter and corresponds to the control group configuration, so that the resource limitation of the control group by the resource limitation parameter is realized.
Step S15: and traversing all current processes, and determining the user identification corresponding to each process.
Traversing all current processes, determining a user identifier corresponding to each process, determining the user identifier which belongs to the user identifier carried by the configuration file corresponding to the control group, adding all the current processes corresponding to the user into the control group, and realizing the resource limitation of the current processes of the user based on the resource limitation parameters; in this way, it is achieved that the resources used by all processes of a user or group of users contained within a control group are restricted.
In an embodiment, the obtaining the current process and the user identifier corresponding to the current process includes:
and acquiring a new process, and determining a user identifier corresponding to the new process.
Here, after acquiring a configuration file meeting a set format requirement and generating a corresponding control group based on the configuration file, the system performs real-time detection according to a set period, and when acquiring a new process, determines a user identifier corresponding to the new process, specifically, referring to fig. 3, the method includes the following steps:
step S21: acquiring a new process;
step S22: judging whether the newly-built process has resource restriction configuration or not;
Here, the user identifier corresponding to the new process is determined, and if the user identifier belongs to the user identifier carried by the configuration file corresponding to the control group, the process goes to step S23;
if the user identifier does not belong to the user identifier carried by the configuration file corresponding to the control group, the step S21 is performed;
step S23: adding the new process into the corresponding control group;
and adding the newly-built process into a corresponding control group, determining a resource limitation type and a resource limitation numerical value of the control group corresponding to the user identifier based on the user identifier and the resource limitation parameter carried by the configuration file, and performing resource limitation on the newly-built process by using the corresponding resource limitation numerical value based on the resource limitation type.
Here, it is determined whether the new process has resource constraint configuration for the new process, and if so, adding the new process to the corresponding control group may be implemented by modifying a code of the kernel new process.
In the above embodiment of the present invention, the new process is obtained, the user identifier corresponding to the new process is determined, and the resource restriction on the new process corresponding to the user identifier belonging to the control group is realized, so that the new process of the user or the user group is monitored in real time, the resource restriction on all processes of the user or the user group included in the control group is ensured, and the process omission is avoided.
In another embodiment, as shown in fig. 4, there is also provided a resource restriction apparatus, including:
an obtaining module 21, configured to obtain a current process and a user identifier corresponding to the current process;
a determining module 22, configured to add the current process to a target control group when it is determined that the user identifier belongs to a user identifier carried by a configuration file corresponding to the target control group, where the target control group is generated based on the configuration file carrying the specified user identifier.
In the above embodiment of the present application, a current process and a user identifier corresponding to the current process are obtained; in this way, when whether the user identifier corresponding to the current process belongs to the user identifier carried by the configuration file corresponding to the target control group is obtained, and the user identifier belongs to the user identifier carried by the configuration file corresponding to the target control group is further determined, the current process is added into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier. Therefore, all processes corresponding to the user identification are added into the control group corresponding to the user identification, the control group is utilized to realize the resource limitation of the user or the user group, the processes of the user cannot be omitted, and the limitation of the resources used by all the processes under the user or the user group is realized.
Optionally, the obtaining module 21 is further configured to obtain a configuration file meeting a set format requirement, and generate a corresponding control group based on the configuration file; wherein the set format requirement comprises a user identification and a format requirement of a specified resource restriction parameter.
Optionally, the resource limitation parameter includes a resource limitation type and a resource limitation value; the determining module 22 is further configured to determine a resource limitation type and a resource limitation numerical value of the control group corresponding to the user identifier based on the user identifier and the resource limitation parameter carried by the configuration file.
Optionally, the determining module 22 is further configured to add the current process to the target control group, determine a resource restriction type and a resource restriction value corresponding to the target control group, and perform resource restriction on the target control group by using the corresponding resource restriction value based on the resource restriction type.
Optionally, the resource limitation type is a CPU, and the resource limitation value is a first threshold; the determining module 22 is further configured to perform resource limitation on the CPU occupied by the process included in the target control group by using the first threshold.
Optionally, the resource limitation type is a memory, and the resource limitation value is a second threshold; the determining module 22 is further configured to perform resource limitation on the memory occupied by the process included in the target control group by using the second threshold.
Optionally, the resource limitation category is a block device, and the resource limitation value is a third threshold; the determining module 22 is further configured to perform resource limitation on the block device occupied by the process included in the target control group by using the third threshold.
Optionally, the obtaining module 21 is further configured to traverse all current processes, and determine a user identifier corresponding to each process.
Optionally, the obtaining module 21 is further configured to obtain a new process, and determine a user identifier corresponding to the new process.
In another embodiment, as shown in fig. 5, there is also provided a user resource restriction apparatus, including: at least one processor 210 and a memory 211 for storing computer programs capable of running on the processor 210; the processor 210 illustrated in fig. 5 is not used to refer to the number of processors as one, but is only used to refer to the position relationship of the processor with respect to other devices, and in practical applications, the number of processors may be one or more; similarly, the memory 211 illustrated in fig. 5 is also used in the same sense, i.e., it is only used to refer to the position relationship of the memory with respect to other devices, and in practical applications, the number of the memory may be one or more.
Wherein, when the processor 210 is used for running the computer program, the following steps are executed:
acquiring a current process and a user identifier corresponding to the current process;
and when the user identifier is determined to belong to the user identifier carried by the configuration file corresponding to the target control group, adding the current process into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier.
In an alternative embodiment, the processor 210 is further configured to execute the following steps when the computer program runs:
acquiring a configuration file meeting a set format requirement, and generating a corresponding control group based on the configuration file; wherein the set format requirement comprises a user identification and a format requirement of a specified resource restriction parameter.
In an alternative embodiment, the processor 210 is further configured to execute the following steps when the computer program runs:
and adding the current process into the target control group, determining a resource limitation type and a resource limitation numerical value corresponding to the target control group, and performing resource limitation on the target control group by using the corresponding resource limitation numerical value based on the resource limitation type.
In an alternative embodiment, the processor 210 is further configured to execute the following steps when the computer program runs:
and carrying out resource limitation on the CPU occupied by the process contained in the target control group by using the first threshold value.
In an alternative embodiment, the processor 210 is further configured to execute the following steps when the computer program runs:
and carrying out resource limitation on the memory occupied by the process contained in the target control group by using the second threshold value.
In an alternative embodiment, the processor 210 is further configured to execute the following steps when the computer program runs:
and limiting the resource of the block device occupied by the process contained in the target control group by the third threshold value.
In an alternative embodiment, the processor 210 is further configured to execute the following steps when the computer program runs:
traversing all current processes, and determining a user identifier corresponding to each process; or the like, or, alternatively,
and acquiring a new process, and determining a user identifier corresponding to the new process.
The computer device may further include: at least one network interface 212. The various components on the transmit side are coupled together by a bus system 213. It will be appreciated that the bus system 213 is used to enable communications among the connections of these components. The bus system 213 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are labeled as bus system 213 in fig. 5.
The memory 211 may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories. Among them, the nonvolatile Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access Memory (FRAM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface storage may be disk storage or tape storage. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), Enhanced Synchronous Dynamic Random Access Memory (Enhanced DRAM), Synchronous Dynamic Random Access Memory (SLDRAM), Direct Memory (DRmb Access), and Random Access Memory (DRAM). The memory 211 described in connection with the embodiments of the invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The memory 211 in the embodiment of the present invention is used to store various types of data to support the operation of the transmitting end. Examples of such data include: any computer program for operating on the sender side, such as an operating system and application programs. The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application programs may include various application programs for implementing various application services. Here, the program that implements the method of the embodiment of the present invention may be included in an application program.
The embodiment further provides a computer storage medium, for example, including a memory 211 storing a computer program, which can be executed by a processor 210 in the transmitting end to perform the steps of the foregoing method. The computer storage medium can be FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM; or various devices including one or any combination of the above memories, such as a smart phone, a tablet computer, a notebook computer, and the like. A computer storage medium having a computer program stored therein, the computer program, when executed by a processor, performing the steps of:
Wherein, when the processor 210 is used for running the computer program, the following steps are executed:
acquiring a current process and a user identifier corresponding to the current process;
and when the user identifier is determined to belong to the user identifier carried by the configuration file corresponding to the target control group, adding the current process into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier.
In an alternative embodiment, the computer program, when executed by the processor, further performs the steps of:
acquiring a configuration file meeting a set format requirement, and generating a corresponding control group based on the configuration file; wherein the set format requirement comprises a user identification and a format requirement of a specified resource restriction parameter.
In an alternative embodiment, the computer program, when executed by the processor, further performs the steps of:
and adding the current process into the target control group, determining a resource limitation type and a resource limitation numerical value corresponding to the target control group, and performing resource limitation on the target control group by using the corresponding resource limitation numerical value based on the resource limitation type.
In an alternative embodiment, the computer program, when executed by the processor, further performs the steps of:
and carrying out resource limitation on the CPU occupied by the process contained in the target control group by using the first threshold value.
In an alternative embodiment, the computer program, when executed by the processor, further performs the steps of:
and carrying out resource limitation on the memory occupied by the process contained in the target control group by using the second threshold value.
In an alternative embodiment, the computer program, when executed by the processor, further performs the steps of:
and limiting the resource of the block device occupied by the process contained in the target control group by the third threshold value.
In an alternative embodiment, the computer program, when executed by the processor, further performs the steps of:
traversing all current processes, and determining a user identifier corresponding to each process; or the like, or, alternatively,
and acquiring a new process, and determining a user identifier corresponding to the new process.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A method for user resource restriction, the method comprising:
acquiring a current process and a user identifier corresponding to the current process;
and when the user identifier is determined to belong to the user identifier carried by the configuration file corresponding to the target control group, adding the current process into the target control group, wherein the target control group is generated based on the configuration file carrying the specified user identifier.
2. The method for limiting user resources according to claim 1, wherein before the obtaining of the current process and the user identifier corresponding to the current process, the method comprises:
acquiring a configuration file meeting a set format requirement, and generating a corresponding control group based on the configuration file; wherein the set format requirement comprises a user identification and a format requirement of a specified resource restriction parameter.
3. The method as claimed in claim 1, wherein the adding the current process to the target control group comprises:
and adding the current process into the target control group, determining a resource limitation type and a resource limitation numerical value corresponding to the target control group, and performing resource limitation on the target control group by using the corresponding resource limitation numerical value based on the resource limitation type.
4. The method of claim 3, wherein the resource restriction category is CPU, and the resource restriction value is a first threshold; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes:
and carrying out resource limitation on a central processing unit occupied by the process contained in the target control group by using the first threshold.
5. The method according to claim 3, wherein the resource restriction category is a memory, and the resource restriction value is a second threshold; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes:
and carrying out resource limitation on the memory occupied by the process contained in the target control group by using the second threshold value.
6. The method according to claim 3, wherein the resource restriction category is block device, and the resource restriction value is a third threshold value; the resource limiting the target control group by the corresponding resource limit value based on the resource limit category includes:
And limiting the resource of the block device occupied by the process contained in the target control group by the third threshold value.
7. The method for limiting user resources according to claim 1, wherein the obtaining a current process and a user identifier corresponding to the current process includes:
traversing all current processes, and determining a user identifier corresponding to each process; or the like, or, alternatively,
and acquiring a new process, and determining a user identifier corresponding to the new process.
8. An apparatus for limiting user resources, the apparatus comprising: the device comprises an acquisition module and a determination module; wherein the content of the first and second substances,
the acquisition module is used for acquiring a current process and a user identifier corresponding to the current process;
the determining module is configured to add the current process to a target control group when it is determined that the user identifier belongs to a user identifier carried by a configuration file corresponding to the target control group, where the target control group is generated based on the configuration file carrying the specified user identifier.
9. A user resource restriction apparatus, comprising: a processor and a memory for storing a computer program capable of running on the processor;
wherein the processor is configured to implement the user resource restriction method of any one of claims 1 to 7 when running the computer program.
10. A computer storage medium, in which a computer program is stored, which, when being executed by a processor, implements the user resource restriction method according to any one of claims 1 to 7.
CN201910364782.XA 2019-04-30 2019-04-30 User resource limiting method and device and computer storage medium Active CN111858020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910364782.XA CN111858020B (en) 2019-04-30 2019-04-30 User resource limiting method and device and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910364782.XA CN111858020B (en) 2019-04-30 2019-04-30 User resource limiting method and device and computer storage medium

Publications (2)

Publication Number Publication Date
CN111858020A true CN111858020A (en) 2020-10-30
CN111858020B CN111858020B (en) 2024-01-26

Family

ID=72965116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910364782.XA Active CN111858020B (en) 2019-04-30 2019-04-30 User resource limiting method and device and computer storage medium

Country Status (1)

Country Link
CN (1) CN111858020B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806011A (en) * 2021-08-17 2021-12-17 曙光信息产业股份有限公司 Cluster resource control method and device, cluster and computer readable storage medium
CN113821306A (en) * 2021-09-24 2021-12-21 湖北亿咖通科技有限公司 Resource isolation method and device and terminal equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586970A (en) * 2018-12-13 2019-04-05 新华三大数据技术有限公司 Resource allocation methods, apparatus and system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586970A (en) * 2018-12-13 2019-04-05 新华三大数据技术有限公司 Resource allocation methods, apparatus and system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806011A (en) * 2021-08-17 2021-12-17 曙光信息产业股份有限公司 Cluster resource control method and device, cluster and computer readable storage medium
CN113806011B (en) * 2021-08-17 2023-12-19 曙光信息产业股份有限公司 Cluster resource control method and device, cluster and computer readable storage medium
CN113821306A (en) * 2021-09-24 2021-12-21 湖北亿咖通科技有限公司 Resource isolation method and device and terminal equipment
CN113821306B (en) * 2021-09-24 2023-09-05 亿咖通(湖北)技术有限公司 Resource isolation method, device and terminal equipment

Also Published As

Publication number Publication date
CN111858020B (en) 2024-01-26

Similar Documents

Publication Publication Date Title
CN108427649B (en) Access management method, terminal device, system and storage medium of USB interface
EP3101870A1 (en) Storage resource scheduling method and storage calculation system
CN108021400B (en) Data processing method and device, computer storage medium and equipment
CN102622311A (en) USB (universal serial bus) mobile memory device access control method, USB mobile memory device access control device and USB mobile memory device access control system
CN105446813A (en) Resource distribution method and device
CN109923547B (en) Program behavior monitoring device, distributed object generation management device, storage medium, and program behavior monitoring system
US10977049B2 (en) Installing of operating system
CN108234551B (en) Data processing method and device
CN111858020B (en) User resource limiting method and device and computer storage medium
US20150154413A1 (en) Managing Document Revisions
CN113010265A (en) Pod scheduling method, scheduler, memory plug-in and system
CN114826749A (en) Interface access control method, device and medium
CN111274561A (en) Identity management method, device, equipment and storage medium
CN114356521A (en) Task scheduling method and device, electronic equipment and storage medium
CN113467895A (en) Docker operation method, device, server and storage medium
CN104216834A (en) Internal storage assess method, buffering scheduler and internal storage module
CN113285843A (en) Container network configuration method and device, computer readable medium and electronic equipment
EP2673704A1 (en) Method and apparatus for moving a software object
CN111399999A (en) Computer resource processing method and device, readable storage medium and computer equipment
CN111885184A (en) Method and device for processing hot spot access keywords in high concurrency scene
CN108021801B (en) Virtual desktop-based anti-leakage method, server and storage medium
CN105144073A (en) Removable storage device identity and configuration information
CN105069081A (en) Shared resource access method and device
CN114465956B (en) Method and device for limiting flow rate of virtual machine, electronic equipment and storage medium
CN115686746A (en) Access method, task processing method, computing device, and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant