Nice Priority – Why Can’t Renice Increase a Process’ Nice Value?

nicepriority

From man renice:

Users other than the super-user may only alter the priority of processes
they own, and can only monotonically increase their “nice value'' (for
security reasons) within the range 0 to PRIO_MAX (20) […]

So, I can renice my own processes upwards (give them lower priority) but never downwards:

$ renice 10 22316
22316 (process ID) old priority 0, new priority 10
$ renice 9 22316
renice: failed to set priority for 22316 (process ID): Permission denied

Why is this? I can understand why normal users cannot set nice values lower than 0, but why since I can decrease the priority to 10 can't I increase it again to 9? What "security reason" is there for this? I have the right to launch a process with a nice value of 9, so why can't I renice it to 9?

EDIT: I should learn to scroll down. Turns out this is listed as a bug in man renice:

BUGS
     Non super-users can not increase scheduling priorities of their own
     processes, even if they were the ones that decreased the priorities 
     in the first place.

That's even more confusing. If they consider this behavior to be a bug, why not change it? The renice command appeared in 4.0BSD which I think is from 1980. This should be very easy to fix so on the one hand they seem to have chosen to leave it and on the other they list it as a bug.

Best Answer

Since linux 2.6.12, that depends on the value of the RLIMIT_NICE limit (ulimit -e). Which can take values from 0 to 40. That limit is more the limit on the priority of the process (the greater that number, the higher the priority a user can set for a process).

You'll notice the default value is 20 on ubuntu 10.04 and 0 in Debian jessie for instance.

A value of n for that limit means that a process without the CAP_NICE capability can only increase a process priority to up to n, which means decrease niceness down to a niceness of 20 - n. So for a value of 0, that means no non-privileged user can lower the niceness below 20, so no non-privileged user can lower the niceness.

With a value of 20, non-privileged users can decrease the niceness back to 0.

It's up to the administrator to choose whether they allow users to lower their process priority, and to what level by setting the hard limit for that.

As to why an administrator may not want users to lower their process priority, see Flup's answer.

Related Solutions

What makes it possible for a `pulseaudio’ process to get the nice level of -11

PulseAudio requires higher priority than other desktop programs mainly to avoid latency problems and get a skip-free audio playback. But the process that allows PulseAudio to have a higher priority is rather complex.

To get this special priority, it uses the RealtimeKit (rtkit-daemon) process. This D-Bus service allows some user programs to use real-time scheduling and enforces some strict policies to prevent abuse:

Only clients with RLIMIT_RTTIME set will get RT scheduling.

RLIMIR_RTIME: Specifies a limit on the amount of CPU time that a process scheduled under a real-time scheduling policy may consume without making a blocking system call

RT scheduling will only be handed out to processes with SCHED_RESET_ON_FORK set to guarantee that the scheduling settings cannot 'leak' to child processes, thus making sure that 'RT fork bombs' cannot be used to bypass RLIMIT_RTTIME and take the system down.

SCHED_RESET_ON_FORK: If set this will make sure that when the process forks a) the scheduling priority is reset to DEFAULT_PRIO if it was higher and b) the scheduling policy is reset to SCHED_NORMAL if it was either SCHED_FIFO or SCHED_RR.

Limits are enforced on all user controllable resources, only a maximum number of users, processes, threads can request RT scheduling at the same time.

Only a limited number of threads may be made RT in a specific time frame.

Client authorization is verified with PolicyKit.

[...] it includes a canary-based watchdog that automatically demotes all real-time threads to SCHED_OTHER should the system overload despite the logic pointed out above. For more information regarding canary-based RT watchdogs [...]

More related information:

Linux – How to renice all threads (and children) of one process on Linux

You can use /proc/$PID/task to find all threads of a given process, therefore you can use

$ ls /proc/$PID/task | xargs renice $PRIO

to renice all threads belonging to a given process.

Same way /proc/$PID/task/$PID/children can be used to find all child processes (or /proc/$PID/task/*/children if you want all child processes of all threads of a given process).

$ cat /proc/$PID/task/$PID/children | xargs renice $PRIO
$ cat /proc/$PID/task/*/children | xargs renice $PRIO

Best Answer

Related Solutions

What makes it possible for a `pulseaudio’ process to get the nice level of -11

Linux – How to renice all threads (and children) of one process on Linux

Related Question