Slashdot Mirror
Throttle Shared Users With OS X — Is It Possible?
whisper_jeff writes "I work in a design studio where the production director is also the owner's son (translation = he can do no wrong). He is fond of accessing a designer's computer via filesharing and working directly on files off of the designer's computers rather than transferring the files to his computer to work on them there. In so doing, he causes the designer's computer to grind to a near-halt as the harddrive is now tasked with his open/save requests along with whatever the designer is doing. Given that there is no way he's going to change his ways (since he doesn't see anything wrong with it...), I was wondering if there was a way to throttle a user's shared access to a computer (Mac OSX 10.5.8) so that his remote working would have minimal impact on our work. Google searches have revealed nothing helpful (maybe I should Bing it... :) so I was hoping someone with more technical expertise on Slashdot could offer a suggestion."
Well, I don't think you want to mess with how the operating system handles its network and file system so you have two options. You can either throttle at the router or throttle at the neck. The router option requires you have a capable enough network router connecting you two in order to be able to write a rule for his machine (by IP address or machine name usually) that limits the amount of information he can transfer (I believe this is possible in DD-WRT and is called throttling or traffic shaping). This will cause his experience to become slow and he will most likely complain and bitch to daddy if he knows you did something.
The other option is throttling the neck of the user. This requires somewhat strong hands and forearms applying a pressure to the neck of the user until he stops moving or goes limp. It may result a decreased experience for the user, difficulty breathing, death and in some cases an erection. Use with caution and have an alibi.
My work here is dung.
chmod the files so that only the appropriate user has read/write, and that the boss' son has read access. only allow him to replace the files in a different directory, so that you can evaluate the changes.
Store all the files on the offendor's computer. Let the other designers work off of his computer. Done!
But seriously, why should anyone be able to access anyone else's files? Secure everyone's computer. You should put shared files on a shared file server.
And why not use revision control?
-Peter
You can configure a firewall rate limiting statement based on source ip address using ipfw. Then just have an applescript that toggles this than can be run as soon as you notice the computer getting slow.
Try using the advice in this tip: http://www.macosxhints.com/article.php?story=20080119112509736 which demonstrates bandwidth throttling by port number
but add a rule that limits by ip address as well as port number
see http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html for details of the ipfw rules
I haven't tried this combination myself but I can't see why it wouldn't work.
I'm glad that someone got a chuckle out of it before it was modded into oblivion. Those OSX users sure are a sensitive bunch.
OS X uses ipfw as its firewall. Look up 'ipfw throttling' in google. If you don't want to edit ipfw files by hand, hunt out WaterRoof as well.
You have to throttle the port the file sharing is running on. Probably 548 or/and 427. To throttle these ports you have to go into terminal and type this:
sudo ipfw pipe 1 config bw 15KByte/s
sudo ipfw add 1 pipe 1 src-port 548
To remove the throttling just type:
sudo ipfw delete 1
Source: http://www.macosxhints.com/article.php?story=20080119112509736
http://homepage.mac.com/car1son/static_port_fwd_firewall.html
Say NO to unpaid Internships!
Well, when it comes to people working with graphics they often use local storage as their primary "work storage" because it's faster (and when you're working with lots of large files this becomes critical if you want to retain your sanity) and then they just use the server for saving backups at the end of the day and for final production work. So a lot of times the actual work copy is always stored on the local workstation, this is especially true when dealing with video/animation as you can easily end up with insane amounts of data, if you're working on uncompressed 1080p video rendered as independent targa images (so you can easily re-render specific short runs of frames, very common when working with software like Maya and 3dsmax) you may be looking at roughly 7 GiB of data for 30 seconds of video (8 bit color with alpha and 30 fps), not the kind of thing you want to be pushing back and forth across the network all the time (even if you're just copying the data that's changed it ends up being pretty heavy).
tl;dr: People who work with CGI have datasets and a workflow that don't work well with using servers for data storage other than as an easy way to backup data.
/Mikael
Greylisting is to SMTP as NAT is to IPv4
IN Leopard Apple went from ipfw to an application firewall. But ipfw is still there and can be run. you can configure ipfw to limit the bandwidth to specific IP addresses. Your problem is exactly what this is for.
http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x
THere is probably some way to do this with the application firewall too but I don't know how.
Some drink at the fountain of knowledge. Others just gargle.
how to set up ipfw in leopard:
see here and here:
http://www.netmojo.ca/2007/10/31/fixing-leopards-firewall/
http://securosis.com/blog/help-build-the-best-ipfw-firewall-rules-sets-ever
or use the GUI tool wateroof to configure the firewall.
add the rules decribed here:
http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x
then turn it on at boot like this:
http://lists.macosforge.org/pipermail/macports-users/2008-May/010337.html
and then turn off the application firewall in system preferences.
Some drink at the fountain of knowledge. Others just gargle.