Throttle Shared Users With OS X — Is It Possible?

whisper_jeff writes "I work in a design studio where the production director is also the owner's son (translation = he can do no wrong). He is fond of accessing a designer's computer via filesharing and working directly on files off of the designer's computers rather than transferring the files to his computer to work on them there. In so doing, he causes the designer's computer to grind to a near-halt as the harddrive is now tasked with his open/save requests along with whatever the designer is doing. Given that there is no way he's going to change his ways (since he doesn't see anything wrong with it...), I was wondering if there was a way to throttle a user's shared access to a computer (Mac OSX 10.5.8) so that his remote working would have minimal impact on our work. Google searches have revealed nothing helpful (maybe I should Bing it... :) so I was hoping someone with more technical expertise on Slashdot could offer a suggestion."

the correct solution

Disable file shares on workstations. Use a file server.

Re:the correct solution

[Captain+Splendid]

Disable file shares on workstations. Use a file server.

Well, that's the correct technical solution, but the real, supreme, correct decision is: Find a new job, and fast. Nothing good has ever come from challenging a coworker who enjoys immunity, especially when it's familial.

Re:the correct solution

[UID30]

What is this "b-ack-ups" you speak of? and a "fi-le ser-ver"? isn't it easier for everybody to just keep the most recent copy of their own work? if you need a file, you just have to wait for everyone to reply to your email saying when was the last time they edited the file and then you can look on their computer, copy the file, make your changes, and drop it right on the production server... amIright?

Re:the correct solution

[Thyamine]

This definitely would be a good solution.

But I like the 'Windows' method of solving the problem: reboot. When the co-worker has this sudden slow down on his system, reboot to clear up the 'resource problem'. Certainly a more vindictive way to solve the issue, but effective.

Re:the correct solution

[TheKidWho]

Yes, but you keep it organized at a single location, not fractured over 10 different computers.

Re:the correct solution

[SQLGuru]

Create a link from your machine to his. Save the file local to his machine instead of yours (via the link). Share out your link to him. He'll actually be taking the long way around back to his own box.

Re:the correct solution

[nine-times]

Having been in similar situations, I more or less agree.

There's no way around it: If the owner is really letting his son do whatever he wants, then any successful technical solution is likely to cause you real-world trouble. You may allow your designers to work better, but if the son goes complaining behind your back to the owner, you'll find yourself suffering more.

The real questions for this situation are (a) Is there any chance the owner is intelligent and reasonable enough for you to discuss the situation? and (b) If not, is your job otherwise good enough to tolerate a boss who's unprofessional enough to allow this sort of thing?

Re:the correct solution

[rjstanford]

Good point. If only Windows had allowed users to create folders within another folder, life would have been so much easier. Local machine administration FT...W?

Re:the correct solution

[amicusNYCL]

Right, multiple folders all over your harddrive are way easier to manage and find then making a bunch of subdirectories under My Documents.

Re:the correct solution

[Lunch2000]

I should add to my previous post, the other solution is to put an SSD on the designers computer.

Which is dumb because you just move the bottleneck to the system bus or network card

Re:the correct solution

[IronChef]

I had a similar problem a long time ago. One of the 3 partners running the joint was always poking around with file sharing, slowing the single expensive desktop publishing workstation down to a crawl. The perpetrator was the company's Fragile Genius and the other partners told us tough, there was no way they would ask him to modify his behavior.

Eventually, the Fragile Genius began locking himself in his office. There was one window that looked out into a common area, and he spray-painted it black. We believe it was about at this time he started smoking crack in his office.

He also had a kitten, which he rescued from the streets and then began to poison by feeding it nothing but raw hot dogs.

You think it's hard to stop the owner's son from doing anything wrong? Be glad it isn't the owner himself.

But honestly it was not the crack smoking that got the other partners to straighten this guy out. It was his cat peeing on their chairs.

Therefore, my advice is to give the boss's son a kitten and a pack of hot dogs, and maybe some black spray paint. If you know a crack dealer, an introduction may be fruitful.

Re:the correct solution

[satch89450]

You've never worked in a company with nepotism disease. I can tell. The OP said that getting the kid to do it the right way isn't going to happen.

Re:the correct solution

[TheRaven64]

Why inconvenience yourself? Just turn off file sharing for 30 seconds, then turn it back on. Same effect for him, no interruption for you. For extra fun, you can automate this in a couple of likes of AppleScript and run it in a cron job with osascript.

Re:the correct solution

If you move it to a file server and disable sharing he won't have a choice...he won't do things the right way by choice but given no alternative he will adapt. Call it a security patch, or a data integrity enhancements, or a productivity improvement for collaborative work and sell the concept to the boss as something totally different than a problem with his kid. Once sold disable the shares, move to a file server, and boom he doesn't have a choice but to adapt.

Nepotism is destructive and a problem. It is also unfightable so why try? You don't have to convince them to do they right thing through rational argument and education you just have to do the right thing and have the understand it is the right thing. If they understood all the details they wouldn't need you.

Re:the correct solution

[jimicus]

Which is why you don't pitch a file-server as being "to prevent the bosses' son can quit screwing my computer up".

You pitch it as "a more efficient way for us all to work, a lot easier to maintain in terms of backups..."

Re:the correct solution

[Wain13001]

Now go run more scripts, server monkey.

but he's a server monkey WITHOUT a server!

Haven't you been paying attention?!?!?!???

Re:the correct solution

[Cederic]

"You lost your updates to the file? How? What do you mean the network stopped responding? Hmm - better check the router"

"it happened again? This isn't good - I'll virus check my Mac" *cough*

"No, we can't find the cause. Yeah, it's bugging the hell out of me too"

Sure, boss' son isn't happy, but nobody is to blame except the technology. Maybe another approach would prove more durable...

Re:the correct solution

Yes, because an IT Admin that can't find the problem in the technology is TOTALLY demonstrating why he continues to be worth his salary.

NEVER PLAY DUMB. EVER. Unless you want your boss to think you are dumb.

Let me repeat: NEVER PLAY DUMB. Especially in an area that within which it is your responsibility to be knowledgeable.

DO be proactive and professional. Do your cost benefit analysis and present it. A file server has enough advantages here that it will easily be worth the money. If cost/benefit doesn't justify it and it's instead a personal gripe, get over it and move on.

Boss is a tightwad that won't spend the cash when it's of obvious benefit (and will make him more in the long run?) You need a new boss who has a more business-like mind. Until then, you can count on not seeing further raises once he feels like you get "enough".

Re:the correct solution

[CityZen]

Hotdogs have meat in them???

Re:the correct solution

[Rhinobird]

I could have sworn that hot dogs were precooked before packaging.

Re:the correct solution

[Nimey]

Lips and arseholes are technically meat.

Re:the correct solution

[nine-times]

Yeah, well... that's why I asked the question. However, if the boss isn't around too often and his son is somewhat manageable and the economy is falling apart and you have an otherwise good, high-paying job, you might not want to quit immediately.

If the boss isn't intelligent enough I wouldn't expect him or her to remain in business long

Meh. You really buy into the idea that success is determined by ability and virtue, or what? Like bad businesses never make money? If a company manages to stay afloat, it means the owner was smart and mature and professional?

Doesn't really work that way. You just need to be entrenched, be less incompetent than your direct competition, or have better connections than your competition. Sometimes it's better sales and marketing, worse product. Sometimes your boss is good at some things that really matter, but still an unprofessional irrational bastard. And sometimes your boss isn't so bad when you add it all up, but he's still not emotionally detached enough to stay rational when he thinks his son is being insulted.

Re:the correct solution

[Per+Wigren]

What exactly did you expect from a guy that starts his post with "This. "

That.

A suggestion...

[Earl+The+Squirrel]

Put a 10 MBit switch between his computer and the network... that'll do it... 8-)

Re:A suggestion...

[MightyMartian]

Any throttling is going to be noticed by this idiot, and if his old man is shit stupid to let him do this kind of thing anyways, you can be sure you'll be getting an unfriendly knock on the door about the slow network.

Disable file sharing on the workstations, go to a file server, tell the other guys to copy their own files over to do their work and let fuck brain fuck with the stuff on the file server. If you need a rationale, just say "We need to centralize our file store for better security and backups."

Re:A suggestion...

[gnasher719]

Any throttling is going to be noticed by this idiot, and if his old man is shit stupid to let him do this kind of thing anyways, you can be sure you'll be getting an unfriendly knock on the door about the slow network

It sound like you have to wait until you meet him in a dark alley until you can start throttling him.

Two Options

[eldavojohn]

Well, I don't think you want to mess with how the operating system handles its network and file system so you have two options. You can either throttle at the router or throttle at the neck. The router option requires you have a capable enough network router connecting you two in order to be able to write a rule for his machine (by IP address or machine name usually) that limits the amount of information he can transfer (I believe this is possible in DD-WRT and is called throttling or traffic shaping). This will cause his experience to become slow and he will most likely complain and bitch to daddy if he knows you did something.

The other option is throttling the neck of the user. This requires somewhat strong hands and forearms applying a pressure to the neck of the user until he stops moving or goes limp. It may result a decreased experience for the user, difficulty breathing, death and in some cases an erection. Use with caution and have an alibi.

Re:Two Options

[forand]

This sounds like an explanation given by someone on Black Adder.

W: Very well then. Three other paths are open to you. Three cunning plans to cure thy ailment.
E: Oh good.
W: The first is simple. Kill Bob!
E: Never.
W: Then try the second. Kill your self!
E: Neu. And the third?
W: The third is to ensure that no one else ever knows.
E: Ha, that sounds more like it. How?
W: Kill everybody in the whole world. Ah, ha, ha ...

Re:Two Options

[mysidia]

Just use traffic shaping, on the workstation itself

check dis out:

[riff420]

chmod the files so that only the appropriate user has read/write, and that the boss' son has read access. only allow him to replace the files in a different directory, so that you can evaluate the changes.

file server?

[InsertWittyNameHere]

Who cares about throttling. Why isn't your data on a file server? Especially if there's intentions to share it.

Re:file server?

[anlprb]

You missed the part where he said "design studio" and "OS X." Also, since he is posting to /. for the answer, the idea of knowing what he _should_ be doing in an IT role is a stretch. I don't know why any office with more than 1 computer wouldn't have a file server, but hey, don't even ask him when his last off-site backup was, he may cry.

Re:file server?

[DIplomatic]

It's always amazing how when someone doesn't know the answer to a question, they just claim the asker is completely wrong. e.g. Question: "How can I do 'X' in Windows?" Answer: "Switch to Linux." Thanks for helping so much.

Re:file server?

[Rand+Race]

Please come work for my design studio, someone who can pull multi-terabyte file-servers out of their ass will help my budgeting issues immensely.

Re:file server?

[anlprb]

You obviously have never heard of productivity. The more your people have it, the less it costs you to get work done, the faster you can get work out and the more you can bill. We work on T&M, we make sure our people can produce as much as possible to leave as much buffer room in to check work and then take on more. A worker waiting costs me more than any hardware it would take to fix the situation.

Centralizing using a NAS box as a file server wouldn't cost much more than your monthly budget for burnt coffee. Plan for success, work the plan, let the plan work for you and then succeed because of the plan. Sounds like you can't budget. This is a business we are talking about, not a home "design studio", right?

His solution would not cost more than a couple thousand at most. If the owner's son is still "doing work" then they are probably not big enough to be an medium business. This means their storage needs are pretty light, hence cheap.

Re:file server?

[martinX]

After a re-reading, I realised that the person asking the question doesn't describe themselves as a sys-admin. He said he "works in a design studio". So he might not have any real network responsibilities but might be looking to help a mate out.

Secondly, the ID10T causing the problems is the Production Director. He may be the boss's son, but in the company structure his position is over the top of just about everyone else. Technical issues should be taken to the Production Director first and foremost since it's part of his job to oversee productions.

Next: "He is fond of accessing a designer's computer via filesharing and working directly on files off of the designer's computers rather than transferring the files to his computer to work on them there."

So he isn't accessing the same files the designer is using at the same time, but accessing files for a project which he is allowed to do because he is the Production Director.

Why does the designer have all the files for a project that others working on the project (indeed others who actually direct the project) may need to use stored locally on his hard drive?

My advice is: don't take shortcuts. They'll only hurt you in the end. There is no such thing as a temporary fix, nor a permanent solution.

Re:file server?

[QuantumRiff]

Right, but from what I hear, apple actually has an awesome solution to deal with this problem: http://www.apple.com/server/storage/

Their raid systems are supposedly cheaper than most others.. and work very well from what I have heard from people using them.

I'm glad I'm not the only one

[dave562]

I want to throttle just about every OSX user I've ever met.

Re:I'm glad I'm not the only one

[dave562]

I'm glad that someone got a chuckle out of it before it was modded into oblivion. Those OSX users sure are a sensitive bunch.

Re:I'm glad I'm not the only one

[dave562]

Whatever. Why don't you go back to making some k-gay Web 2.0 animated graphics for your boyfriend's garage sale? Oh yeah, be sure to blog about it and update your Twitter feed so that all of your Facebook friends know where to go after they leave the coffee shop. ;)~

Re:I'm glad I'm not the only one

[biggerboy]

With so many women using Macs and iPhones, now I understand why you haven't had a date for a while.

Re:I'm glad I'm not the only one

[BikeHelmet]

Those OSX users sure are a sensitive bunch.

Most of the OSX users on slashdot probably use 2+ operating systems.

Simple Fix

[dyingtolive]

It's really easy, I swear:

Write a script that will hammer the everlasting fuck out of his shared drive when he's trying to do something. As (I assume) the IT department, he will complain to you. When he does, politely say, "Yeah, I think that can happen when users constantly access files on a remote shared drive. Someone must be doing that to your box. It really sucks, huh?"

When someone acts like a child, you must treat them like a child. Some people just have to find out what "Think about how that would make you feel" really means the hard way.

Re:Simple Fix

[ShadowRangerRIT]

Except you are responding to childish behavior by acting like a child yourself, not treating them like a child. When your child kicks you in the shin, you don't kick them back to demonstrate the error of their ways. Being an asshole and pretending you're not responsible is not a mature way of dealing with things. (I was about to write "...not an *adult* way of dealing with things," but as you've probably noticed, many adults are not mature)

Explain

[amicusNYCL]

Is it not possible to explain to this person the negative impact that his actions have? You explained it to us with one sentence:

In so doing, he causes the designer's computer to grind to a near-halt as the harddrive is now tasked with his open/save requests along with whatever the designer is doing.

Right after that line you say he doesn't see anything wrong with it. Have you not explained this to him?

And why are you sharing every workstation instead of using a single file server?

Re:Explain

[mikael_j]

Well, when it comes to people working with graphics they often use local storage as their primary "work storage" because it's faster (and when you're working with lots of large files this becomes critical if you want to retain your sanity) and then they just use the server for saving backups at the end of the day and for final production work. So a lot of times the actual work copy is always stored on the local workstation, this is especially true when dealing with video/animation as you can easily end up with insane amounts of data, if you're working on uncompressed 1080p video rendered as independent targa images (so you can easily re-render specific short runs of frames, very common when working with software like Maya and 3dsmax) you may be looking at roughly 7 GiB of data for 30 seconds of video (8 bit color with alpha and 30 fps), not the kind of thing you want to be pushing back and forth across the network all the time (even if you're just copying the data that's changed it ends up being pretty heavy).

tl;dr: People who work with CGI have datasets and a workflow that don't work well with using servers for data storage other than as an easy way to backup data.

/Mikael

Re:Explain

[IANAAC]

Designers are notorious for being retarded.

I wouldn't call them retarded, just focused elsewhere. Hell, the same could be said about pretty much any non-IT worker or home user using any operating system.

Unless it's their job to know better, most people won't.

Re:Explain

[QuantumRiff]

Or, you use a fiberchannel card, or iSCSI over your gigabit nic, and connect directly to your SAN...

Location, Location, Location

[pete-classic]

Store all the files on the offendor's computer. Let the other designers work off of his computer. Done!

But seriously, why should anyone be able to access anyone else's files? Secure everyone's computer. You should put shared files on a shared file server.

And why not use revision control?

-Peter

File Permissions

[DownWithTheMan]

Why not just set the file permissions to not allow write access - then said director will be forced to work on and save files locally..

ipfw

[thittesd0375]

You can configure a firewall rate limiting statement based on source ip address using ipfw. Then just have an applescript that toggles this than can be run as soon as you notice the computer getting slow.

Re:ipfw

[Culture20]

You can configure a firewall rate limiting statement based on source ip address using ipfw. Then just have an applescript that toggles this than can be run as soon as you notice the computer getting slow.

For bonus points, use fail2ban or similar to detect the slowness from some log or script, and have it apply the ipfw statement for 10 minute intervals.

IPFW should work

[AngusH]

Try using the advice in this tip: http://www.macosxhints.com/article.php?story=20080119112509736 which demonstrates bandwidth throttling by port number
but add a rule that limits by ip address as well as port number
see http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html for details of the ipfw rules
I haven't tried this combination myself but I can't see why it wouldn't work.

Re:IPFW should work

[AngusH]

Posted too soon :-(
It appears IPFW may not be able to filter AFP (file sharing) after all. Worth a try possibly, but may not work.

Sounds like info is missing, but here goes

[BitZtream]

His mac grinds to a halt due to samba? Lower the process priority of samba on the mac serving the files.

But the better question is, if these are shared files that he's working on, why aren't they on a central server thats made to serve files. Why are they on individual machines anyway? If your network is fast enough that it can make the server mac get loaded down with disk IO than its certainly fast enough to serve the files from a central share for both users anyway.

The solution is to throttle the 'workstations' file server by turning it off and moving the files to a proper server.

The hack'd solution is to realize that you're talking about a mac serving files ... which means samba ... which has all the power you need to limit the user in question to a sane rate.

man smb.conf and be prepared for lots of reading.

Re:Sounds like info is missing, but here goes

[jo_ham]

Why is it necessarily samba? If it's an all-Mac office, it could be AFP.

Re:Sounds like info is missing, but here goes

[Andy+Dodd]

Unfortunately, when you're dealing with disk I/O, you can have processes that use little CPU but severely degrade disk performance by beating on the disk.

Even if it's at low priority, any seeks at all to a part of the drive that normally wouldn't be accessed will hurt performance.

It's not a case of "90% of the disk throughput for app A and 10% for B" - the moment you introduce B, the total performance drops significantly due to seeking coming into play.

Wait, What?

[moosesocks]

Somehow, I find it surprising that you're managing to saturate a modern hard drive via a single network connection. Are you running extremely slow PCs on a ridiculously fast network? The workflow that you describe sounds pretty normal for a design studio.

Re:Wait, What?

[Big+Boss]

Most current Macs, even a few versions back, are quite quick machines dragging an anchor around in the form of a 5400RPM laptop hard drive. With multi-user access, seek times add up fast. Upgrading my Mac Mini to a mid-level SSD made it feel 10x faster. Now it's the stupid SATA1 interface slowing things down. Not much I can do about that.

Upgrading the machine to a "modern hard drive" would help a lot. Even in laptop form factor, 7200RPM is easy to come by. SSD is ideal, but design places tend to use big files, so an SSD might be too small.

Or, as suggested by every other reply, put up a real file server. A few mirrors stripped into a single big drive should give excellent performance.

Re:Wait, What?

[moosesocks]

I put a 7200 RPM hard drive in my mini, and definitely appreciated the speed boost, so I can definitely see where you're coming from. (And unlike the SSD, I ended up increasing my internal storage capacity, and didn't go broke in the process)

Of course, my own personal pet peeve with the Mini is its absurdly maximum memory capacity -- 2gb on early Intel models, 4gb on more recent models. This is barely acceptable for a laptop, let alone a (tiny) desktop.

Use IPFW, its built in

[gbrandt]

OS X uses ipfw as its firewall. Look up 'ipfw throttling' in google. If you don't want to edit ipfw files by hand, hunt out WaterRoof as well.

Throttle the port.

[googlesmith123]

You have to throttle the port the file sharing is running on. Probably 548 or/and 427. To throttle these ports you have to go into terminal and type this:

sudo ipfw pipe 1 config bw 15KByte/s
sudo ipfw add 1 pipe 1 src-port 548

To remove the throttling just type:
sudo ipfw delete 1

Source: http://www.macosxhints.com/article.php?story=20080119112509736
http://homepage.mac.com/car1son/static_port_fwd_firewall.html

Be assertive

[QuoteMstr]

This twit isn't your problem. Throttling him on your own initiative is both passive-aggressive and might overstep what the owner expects, which could land you in hot water. Don't do that. Here's what you do instead. Go to the owner's office and say the following:

I've been receiving complaints from some of the design staff about their computers slowing down and interfering with their work. The cause of the problem is the Production Director accessing files on designers' computers instead of copying them to his own. The hard drives on designer computers are not designed to accommodate two users accessing the files at once.

These slowdowns will persist unless we take action to correct the problem. If these remote accesses continue, we will need to increase the capacity of each designer's workstation at a cost of $A per machine for a total of $B. Another option would be to limit these remote accesses by implementing an automatic throttling system. That will take C hours of my time [optionally: at cost $D]." The last, which I recommend, is to create a new workflow for the Production Manager that ensures that designer computers are not overloaded.

What is your decision?

Re:Be assertive

[ccandreva]

I actually did a variation on this years ago (1988 or so) in a company running Novell. One of the servers was also acting as a router (it had two network cards and connected two 10base-2 segments). Every time someone did a database update, I got kicked off the network for an hour.

No one listened to me that this was a problem, so I just brought a book to the office, and when this happened, put my feet up on the desk and read.

It was only a few days of this before the owner of the company 'caught' me and goes nuts. I explained calmly the situation, that I couldn't work when an update was going on, and had been told there was no money to upgrade the server.

A new server was ordered that afternoon.

Re:Be assertive

[natehoy]

I like it. A lot. One small refinement. If you were worried about familial doucebaggery, you might even remove the specific job title of the person doing it, and fill out the explanation a tad.

"The cause of the problem is the Production Director accessing files on designers' computers instead of copying them to his own. The hard drives on designer computers are not designed to accommodate two users accessing the files at once."

becomes

"This problem occurs when two people need data at the same time on a specific designer workstation. One user is working at the workstation, and another will need to change a file that is located there, so the second user makes the changes remotely. The workstations simply aren't set up to handle that kind of usage, and it slows the workstation down considerably. We could upgrade the workstations at a cost of $X per station. We could also add a central file server where we can all share common project work, but that will cost $X. There is also a free way to reduce the impact of this - simply asking everyone to make local copies of everything they are working on."

Then you haven't blamed the kid for anything, merely pointed out that a practice that occurs within the office is having an impact, and that impact can be mitigated. No one, especially Dad, needs to know that Junior is the only one doing it, so you have given Junior a way to mend his ways without confrontation.

Lag Switch

[KevMar]

Give a few people lag switches.

http://images.google.com/images?q=lag+switch

it is a button on a network cord that when you press it the cord stops working. If he is working on another machine and it keeps giving him network errors, he will figure out another way.

wrong*2==right

[gandhi_2]

plant some weed in his desk and call the cops anon.

Mac Mini Server

[tepples]

You missed the part where he said "design studio" and "OS X."

Which raises the question: why don't they have a $1000 Mac Mini Server already?

Re:Mac Mini Server

[RedK]

First, the Mac Mini server has 2 drives capable of RAID1. Second, "laptop" hard drives are good enough for high end HP Integrity servers at 100k$ a pop, they're good enough for a small design shop. A lot of high end servers are moving to 2.5" drives for space reasons. Nothing inherently wrong with them.

be nice

[MrKaos]

Can't you just change the nice value of the process running the file server software and alter it's CPU priority, should work on MAC.

Check the nice manual page

Increment it slowly and he won't know whats going on (mu-ha ha)

No-win situation

[orev]

If the user already enjoys immunity due to nepotism, what do you think the boss will do to you if he finds out you are specifically targeting his favorite employee? You can't win here, not matter what you do.

Talking to the boss

[Midnight+Thunder]

I would wonder whether the designer has considered simply talking to the boss and explaining the impact in terms of dollars and hour?. If his boss does not try to correct his sons behaviour, then I would consider the throttling approach and then what other job opportunities there are. If this continual behaviour results in you wanting to leave the company, then you shouldn't really be worried about being getting fired for bringing the issue up with your boss.

Re:The answer to your question:

[TheRaven64]

The FreeBSD solution to this would be to use Netgraph to set his jitter to 0-5 seconds, so any file operation involving seeking became painfully slow, but copying was still fast. Netgraph, however, is not part of the XNU kernel. so this is not an option.

its easy ...demo the problem...Show the boss

[brisvegasdan]

Wait till the machine is slow..call the boss over and give him a demonstration of something that you have been working on that will get him excited. Have him wait around while the pizza wheel turns... apologise profusely, use task manager or look for active connections to track down the problem voila new computer or action

Throttling is not the answer

[Morpork]

All the 'throttle the process/port/ip' answers are wrong. I'm surprised people here can't see that.

The issue is that the idio^H^H^H^H user in question is using AFP/SMB/whatever to open the file, but that's the same process he would use to transfer the file over the network.

If you throttle the file server daemon to 10kbps/nice 20/whatever, all that will serve is to make network transfers excruciatingly slow to the point where he'll be complaining "but it takes _hours_ to copy the file over the network, which is why I work on it remotely".

If there is a throttling solution it is in allowing fast file copies while maintaining slow open/writes. I don't know that exists (at least at the user-manageable level). Read-only shares might help (that way he can't save his edits back) but will end up with fragmented file stores (and someone has to keep track of where the latest version of any file is).

You might be able to craft a possible solution via Mac OS X's ACLs - maybe write/add_file on the directory, but read-only files so he can create new files but not edit/save/overwrite existing files.

At the end of the day, though, without a network infrastructure change (e.g. a central file server) this problem isn't going to go away.

Some solutions

[goombah99]

If you have root access and the kid does not then there are some kludges you can do. For example, write a launchdaemon that runs
renice -n 20 -u kidsudername
every 5 minutes.

that will squish the CPU activity more than the Disk activity, but it should improve things a lot.

if you want to be a little passive aggressive you could move the login port to another port then put another process on that port that pipes to the real one but with a small delay. It will make the whole connection mysteriously intolerable. Again it's the launch agents that do this port mapping. so you move ssh from port 22 to port 5022. then have a job running that runs on port 22 and sends it to port 5022. if you don't want bother writing that socket process then you can fake it with
nice -20 ssh -C -L 5022:localhost:22 localhost
to connect the two ports on the local host. toss in some compression on the SSH connection to slow it down a little. and renice this ssh tunnel to 20 so it bogs if you are busy.

more solutions

[goombah99]

IN Leopard Apple went from ipfw to an application firewall. But ipfw is still there and can be run. you can configure ipfw to limit the bandwidth to specific IP addresses. Your problem is exactly what this is for.

http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x

THere is probably some way to do this with the application firewall too but I don't know how.

Change it in Launchd

[DigitalGodBoy]

This should help: sudo nano -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist Add in the following lines: LowPriorityIO This will cause the AFP server on the file share to have only spare access to the disk.

problem solved:

[goombah99]

how to set up ipfw in leopard:

see here and here:

http://www.netmojo.ca/2007/10/31/fixing-leopards-firewall/

http://securosis.com/blog/help-build-the-best-ipfw-firewall-rules-sets-ever

or use the GUI tool wateroof to configure the firewall.

add the rules decribed here:
http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x

then turn it on at boot like this:

http://lists.macosforge.org/pipermail/macports-users/2008-May/010337.html

and then turn off the application firewall in system preferences.

Throttled.

[0100010001010011]

Someone has already written an app to do all of this Throttled

About
throttled is a bandwidth shaping application for Mac OS X and FreeBSD which allows you to cap your upstream bandwidth, prioritize ACK packets, and keep your download speeds high even when your server is sending out at full speed.

Features
* Allows you to set a global bandwidth cap for all your applications, or multiple caps with different speeds to guarantee all your servers a certain amount of bandwidth.
* Allows you to setup wighted queues for your network data to guarantee low-latency ssh, telnet, etc connections on your server.
* Includes optimizations for many online games including Unreal Tournament 2004, World of Warcraft, Call of Duty, Ghost Recon, Starcraft, Warcraft II, Warcraft III, and Diablo II.
* Prioritizes TCP ACK packets to allow consistent bandwidth in both directions even under heavy server load.
* It uses almost no resources. CPU usage is around 0 - 3% and it uses less than 500k of RAM.
* Source code is freely available, and released under the GPL. Please read the COPYING file in the distribution.

[Disclaimer: I'm a friend of the guy who wrote it and did early early beta testing.]

nothing like ionice on Macs?

[bingoUV]

On linux, there is ionice which solves this problem conveniently. Just run the file-share program (e.g. ftp server, CIFS server etc.) with a lower IO priority, and there is no effect on the person working on it. Isn't there anything comparable for Macs?