<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Are you using FreeSwitch to specify the user to runas or is this being done by systemd?
<div><br>
</div>
<div>In FreeSwitch you use the -u argument to specify the user and the -g argument to specify the group, if you do this then I assume running the service as root should be ok providing you've given FreeSwitch an alternative user and group (in our environment
we use the same for user and group).</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Shaun</div>
<div><br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF364464" style="direction: ltr;"><font face="Tahoma" size="2" color="#000000"><b>From:</b> freeswitch-users-bounces@lists.freeswitch.org [freeswitch-users-bounces@lists.freeswitch.org] on behalf of Bote Man [bote_radio@botecomm.com]<br>
<b>Sent:</b> 05 September 2015 04:28<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> Re: [Freeswitch-users] FS priority<br>
</font><br>
</div>
<div></div>
<div>
<div dir="ltr">
<div>I'm not sure how much nice level matters compared to scheduler priority. I ran a series of tests to find out what Priority and Nice level are reported by the 'top' utility.<br>
<br>
I ran the first 6 tests by using systemd to start FreeSWITCH, 3 times as user root with each of the FS priority flags, then 3 times as user freeswitch with each of the FS flags. Then I repeated that block of tests from the command line, 3 flags as root, 3 flags
as freeswitch. You won't believe what happened next!<br>
<br>
systemd starting FreeSWITCH as 'RUNAS' user with 'FLAG' command line priority flags to FS results in top showing priority 'PRI', nice level 'NICE' on a month-old install of Debian 8 on a bare metal Dell R320 server.<br>
<br>
RUNAS FLAG PRI NICE<br>
root -rp -2 -10<br>
root -np 39 19<br>
root -lp 39 19<br>
<br>
fs -rp -2 19<br>
fs -np 39 19<br>
fs -lp 39 19<br>
<br>
Run as root from command line<br>
root -rp -2 -10<br>
root -np 20 0<br>
root -lp 39 19<br>
<br>
Run as su=freeswitch from command line<br>
fs -rp 20 0<br>
fs -np 20 0<br>
fs -lp 39 19<br>
<br>
</div>
<div>Most processes show Priority of 20 so I assume that is considered "normal".<br>
<br>
</div>
<div>So it looks like the only way to get truly higher priority for a process is to run it as root, which I expected. Once the scheduler priority is at -2 (higher priority) I don't know whether the nice level even matters.<br>
<br>
</div>
<div>For now, the systemd unit file that I posted on Confluence runs as the freeswitch user so even with the -rp flag to FreeSWITCH it gets niced down to 19 which is the lowest level available for nice. Does this matter?<br>
<br>
</div>
<div>Is there a serious security concern running FreeSWITCH as root?<br>
<br>
</div>
<div>Thanks.<br>
<br>
</div>
Bote<br>
<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Sep 4, 2015 at 3:38 PM, Bote Man <span dir="ltr">
<<a href="mailto:bote_radio@botecomm.com" target="_blank">bote_radio@botecomm.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>Thanks for that. I was under the impression that systemd was throwing FreeSWITCH into the generic scheduling group and starving it of resources as a result, but when I manually ran ./freeswitch as root it still showed the same values.<br>
<br>
</div>
Running FS manually with -np yielded pri=20 nice=0 and System Monitor reports priority "normal"<br>
<br>
</div>
Running FS manually with -rp yielded pri=-2 nice=-10 and System Monitor reports priority "very high", same results as when FS was started without any priority switch on the command line.<br>
<br>
</div>
BUT! When I start FS with systemd it maintains priority=-2 but nice all the way down to 19 which is why System Monitor reports "very low". This happens even with the -rp switch specified in the unit file.<br>
<br>
</div>
I don't know how scheduling priority and nice level interact on Debian, but it looks like I have a new research project for this weekend, assuming this is truly something to be concerned about. Or is it?<br>
<br>
</div>
Thanks for the tips. I will report my findings to the list if I discover anything substantive.<br>
<br>
</div>
Bote<br>
<div>
<div>
<div>
<div><br>
<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div class="h5">On Fri, Sep 4, 2015 at 2:02 PM, Shaun Stokes <span dir="ltr"><<a href="mailto:shaun.stokes@itec-support.co.uk" target="_blank">shaun.stokes@itec-support.co.uk</a>></span> wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div>
<div class="h5">
<div lang="EN-US">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Hi Bote,
<div>
<div><br>
</div>
<div>I believe priority works in a similar way to metric (i.e. lower comes first), so <span style="font-size:10pt">-20 (most favorable scheduling) to +19 (least favorable scheduling).</span></div>
<div><br>
</div>
<div>
<pre style="font-family:monospace,Courier; padding:1em; border:1px dashed rgb(47,111,171); line-height:1.3em; font-size:12.8000001907349px; background-color:rgb(249,249,249)">-rp -- enable high(realtime) priority settings
-lp -- enable low priority settings
-np -- enable normal priority settings (system default)</pre>
</div>
<div>Source: <a href="https://wiki.freeswitch.org/wiki/Command_line" style="font-size:10pt" target="_blank">https://wiki.freeswitch.org/wiki/Command_line</a></div>
<div><br>
</div>
<div>Hope this helps.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Shaun<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr>
<div style="direction:ltr"><font face="Tahoma" color="#000000" size="2"><b>From:</b>
<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a> [<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>]
on behalf of Bote Man [<a href="mailto:bote_radio@botecomm.com" target="_blank">bote_radio@botecomm.com</a>]<br>
<b>Sent:</b> 04 September 2015 15:54<br>
<b>To:</b> FreeSWITCH Users Help<br>
<b>Subject:</b> [Freeswitch-users] FS priority<br>
</font><br>
</div>
<div></div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">I’m trying to set the priority on a new FreeSWITCH installation built from master on Debian 8 running on bare metal. It is currently running at “very low” priority according to Resource Monitor in the GUI and ‘top’ reports FS is running
at priority = -2 (that’s negative two) and nice = 19</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">So with the way FreeSWITCH is now launched by systemd is it considered a service or a user application that is simply run in the background?
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">This affects how systemd treats its control groups and priority and how I will go about troubleshooting this.</p>
<p class="MsoNormal"><br>
Thanks.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Bote</p>
<p class="MsoNormal"> </p>
</div>
<br clear="all">
</div>
</div>
______________________________________________________________________<br>
This message has been checked for all known viruses by MessageLabs Virus Scanning Service.<br>
______________________________________________________________________<br>
</div>
</div>
</div>
</div>
</div>
<br clear="all">
______________________________________________________________________<br>
This message has been checked for all known viruses by MessageLabs Virus Scanning Service.<br>
______________________________________________________________________<br>
</div>
<br>
</div>
</div>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<br clear="both">
______________________________________________________________________<br>
This message has been checked for all known viruses by MessageLabs Virus Scanning Service.<br>
______________________________________________________________________<br>
</div>
</div>
</div>
</div>
<br clear="both">
______________________________________________________________________<BR>
This message has been checked for all known viruses by MessageLabs Virus Scanning Service.<BR>
______________________________________________________________________<BR>
</body>
</html>