cgroup ubuntu 18.04 howto

Install required packages

apt install cgroup-tools

copy cgred.conf from examples

cp /usr/share/doc/cgroup-tools/examples/cgred.conf /etc/


group web2 {
cpu {
memory {
memory.limit_in_bytes = 1024m;

cpu.cfs_quota_us = 10000 equals to 10% cpu usage
memory.limit_in_bytes = 1024 equals to 1G of system memory


#<user>    <controllers>           <destination>
web2 cpu,memory web2

This will limit every process of the user web2 to 10% CPU and 1G of memory.

For testing use this commands:

/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
/usr/sbin/cgrulesengd -vvv

check if cgroup’s are working properly

cat /sys/fs/cgroup/cpu/web2/tasks
cat /sys/fs/cgroup/memory/web2/tasks

Here my systemd service files, install them the usual systemd way


Description=cgroup config parser

ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf



Description=cgroup rules generator cgconfigparser.service



reload systemd and start services

systemctl daemon-reload
systemctl enable cgconfigparser
systemctl enable cgrulesgend
systemctl start cgconfigparser
systemctl start cgrulesgend

Have fun!

WordPress Gravatar Emoji Gutenberg Google Fonts Spyware


After viewing some of Richard Stallman’s interviews I decided to check this blog for spyware. I’ve found some major problems with WordPress and privacy.

First were the Gravatars. I’ve simply disabled them in WordPress settings.

Settings -> Discussion -> Avatar Display

Second were the Google Fonts in the template. I’m using as template sparkling. In the child-template I’ve disabled the fonts of the theme. I simply set my own local font in style.css.

Third were the emoji’s.

Settings -> Writing -> Formatting -> Convert emoticons like :-) and :-P to graphics on display

Fourth and last is the Gutenberg Editor. It seems that WordPress uses in it’s core Google Fonts at least for the Gutenberg editor. I’ve found a plugin which does the job very well.

Discussion on Github about WordPress core

Have fun!

Archlinux SAMBA Fileserver Btrfs Qnap TS-459 PRO II

I’ve got an used half dead Qnap TS-459 PRO II in hands. The original Qnap OS won’t detect the installed disks not quite stable, due to a faulty Marvell SATA-Controller Chip.
The other Marvell SATA-Controller works fine. So only 2 of 4 disks are working.

Archlinux has very good btrfs support due to the fresh packages. Otherwise I would have used debian or ubuntu.

Problems with this special type of hardware:
*) Bios does not detect the connected disks on this devices, thus you only can boot from the internal USB device

You have to set /boot to the internal USB-Device

I’ve changed the /boot/grub/grub.cfg at the first line

set root='mduuid/daa55d04:df1b4f59:52419904:51489ef3'

set root='hd0,msdos1'

Now grub is reading it’s config files from that USB-Device.

WARNING! If you recreate your grub.conf with gurb-mkconfig -o /boot/grub/grub.cfg this change will be overwritten. I was to lazy to fix that :-)

Archlinux booting from Software-RAID you have to

mdadm --detail --scan >> /etc/mdadm.conf

vim /etc/mkinitcpio.conf

HOOKS=(base udev autodetect modconf block filesystems keyboard fsck mdadm btrfs)

mkinitcpio -p linux

mdadm will include the /etc/mdadm.conf in initramfs. I’m using btrfs for root and data partitions. Therefore I’ve added btrfs just in case :-). Normally it will be automatically included.

You also want some periodic check of your RAID consistency. This device has really old used disks built in. So I’ve “stolen” the checkarray script from an ubuntu installation and created a systemd timer


Description=Software RAID checkarray timer


Description=Software RAID checkarray service
ExecStart=/usr/local/sbin/checkarray --all --idle --quiet

Might you want to have lm_sensors support.
*) vim /etc/modules-load.d/sensors.conf
*) Install lm_sensors and run pwmconfig.

Fancontrol runs really nice on this board!

Here my samba config file if you need it. I’ve enabled samba audit for the “daten” share. Very handy to handle Crypto-Trojans faster and easier.

workgroup = nas01.local
server string = nas01
domain logons = No
domain master = No
printing = bsd
security = user
hosts allow =
printcap name = /dev/null
#Windows XP fix
lanman auth = yes
ntlm auth = yes
full_audit:failure = none
full_audit:success = mkdir rename unlink rmdir pwrite write
full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
full_audit:facility = local7
full_audit:priority = NOTICE

comment = daten
hosts allow =
path = /daten/samba/daten
read only = No
valid users = daten
available = yes
create mode = 0644
directory mode = 0755
vfs objects = full_audit

comment = daten
hosts allow =
path = /daten/samba/backup
read only = No
valid users = backup
available = yes
create mode = 0644
directory mode = 0755

comment = daten
hosts allow =
path = /daten/.snapshots
force user = root
valid users = daten
read only = yes
available = yes

I’ve enabled btrfs snapshots with snapper and the corresponding systemd-timers of the Archlinux package. Useful if you want to recover accidentally deleted or overwritten files

WARNING! Snapshots do not replace a real Backup!

This device has also an LCD Display. Someone has written a very good ksh script dealing with it.

I don’t need all of this goodness. So I wrote my on crappy script to display only the Information I need :-) It does what it should do :-)

Have fun!