Monday, January 1, 2024

Linux - Resource Manager - Processes limitations (/etc/security/limits.conf)

In a multi-user environment, it's essential to maintain stability and ensure that no single user can consume resources to the point of affecting others or the system itself. The /etc/security/limits.conf file in Linux is a powerful tool for controlling user resource limits. This guide will explain how to use this file to limit user processes and other resources.

Understanding /etc/security/limits.conf

The /etc/security/limits.conf file allows you to set hard and soft limits for various system resources. A hard limit is the maximum value a user cannot exceed, while a soft limit is essentially a warning level.

Syntax

Each line in the /etc/security/limits.conf file has the following syntax:

<domain> <type> <item> <value>
  • <domain>: User, group (prefixed with @), or wildcard (*) for default.
  • <type>: Hard (hard) or soft (soft) limit.
  • <item>: Resource to limit (e.g., nproc for the number of processes).
  • <value>: Numerical value of the limit.

Example Entries

* hard nofile 65535
* soft nofile 4096
@student hard nproc 16384
@student soft nproc 2047
@student hard nproc 50
@student soft nproc 30

These lines set the maximum number of open files and processes for all users and specific limits for users in the student group.
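The syntax above is regular enough to check mechanically before an edited file goes live. The following is an added example, not code from the original post: a small linter that parses entries in this format and reports keys that are defined twice with different values, and soft limits set above their hard limit. The sample input is constructed from the post's example entries plus two hypothetical @guest lines; the function names parse and lint are this example's own.

```python
# Added example (not from the original post): lint limits.conf-style entries.
SAMPLE = """\
# Constructed sample: the post's example entries plus two @guest lines.
* hard nofile 65535
* soft nofile 4096
@student hard nproc 16384
@student soft nproc 2047
@student hard nproc 50
@student soft nproc 30
@guest soft nproc 200
@guest hard nproc 100
"""

def parse(text):
    """Yield (lineno, domain, type, item, value) for each well-formed entry."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue  # blank line, comment, or malformed entry
        domain, typ, item, value = fields
        if value in ("unlimited", "infinity", "-1"):
            num = float("inf")  # these three spellings all mean "no limit"
        elif value.isdigit():
            num = int(value)
        else:
            continue  # non-numeric value: skipped by this sketch
        # A type of "-" sets the soft and the hard limit together.
        for t in (("soft", "hard") if typ == "-" else (typ,)):
            yield n, domain, t, item, num

def lint(text):
    """Return findings: conflicting redefinitions, then soft > hard pairs."""
    findings, seen = [], {}
    for n, domain, typ, item, num in parse(text):
        key = (domain, typ, item)
        if key in seen and seen[key][1] != num:
            findings.append(f"line {n}: {domain} {typ} {item} redefined "
                            f"(also on line {seen[key][0]})")
        seen[key] = (n, num)  # assumption: compare using the last entry seen
    for (domain, typ, item), (n, num) in seen.items():
        hard = seen.get((domain, "hard", item))
        if typ == "soft" and hard and num > hard[1]:
            findings.append(f"line {n}: {domain} soft {item} exceeds hard limit")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the sample it reports the two repeated @student nproc entries and the @guest soft limit that is higher than its hard limit.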

Setting the Limitations

  1. Open /etc/security/limits.conf:
    Use your preferred text editor (like nano or vim) to edit the file.

  2. Modify or Add Entries:
    Based on your requirements, modify existing entries or add new ones following the syntax mentioned above.

  3. Save the File and Exit:
    Once you've made the changes, save the file and exit the editor.

  4. Restart the System (Optional):
    While most changes will apply immediately or on a new session, a restart ensures all services and users are started with the new limits.

Verifying the Limitations

To verify the limits for a particular user, switch to that user and use the ulimit command:

  • Check Soft Limit for File Descriptors:
    ulimit -Sn
  • Check Hard Limit for File Descriptors:
    ulimit -Hn
  • Check Soft Limit for User Processes:
    ulimit -Su
  • Check Hard Limit for User Processes:
    ulimit -Hu

Testing the Limitations

The infamous fork bomb :(){ :|:& };: is a bash function that recursively creates copies of itself. It's often used to test process limitations. Warning: This script can make your system unresponsive. Use it only in a controlled environment.

  1. Ensure you're in a safe test environment.
  2. Run the Fork Bomb:
    :(){ :|:& };:
  3. Observe the Behavior:
    The system should prevent the script from creating processes beyond the set limit.

Conclusion

Correctly setting user limits is a critical task for system administrators to ensure a stable and fair environment for all users. By configuring the /etc/security/limits.conf file, you can prevent individual users from over-consuming resources and maintain the overall health of the system. Always test changes in a controlled environment before applying them to a production system.