/etc/security/limits.conf
file in Linux is a powerful tool for controlling user resource limits. This guide will explain how to use this file to limit user processes and other resources.Understanding /etc/security/limits.conf
The /etc/security/limits.conf
file allows you to set hard and soft limits for various system resources. A hard limit is the maximum value a user cannot exceed, while a soft limit is essentially a warning level.
Syntax
Each line in the /etc/security/limits.conf
file has the following syntax:
<domain> <type> <item> <value>
<domain>
: User, group (prefixed with @), or wildcard (*) for default.<type>
: Hard (hard
) or soft (soft
) limit.<item>
: Resource to limit (e.g.,nproc
for the number of processes).<value>
: Numerical value of the limit.
Example Entries
* hard nofile 65535 * soft nofile 4096 @student hard nproc 16384 @student soft nproc 2047 @student hard nproc 50 @student soft nproc 30
These lines set the maximum number of open files and processes for all users and specific limits for users in the student
group.
Setting the Limitations
- Open
/etc/security/limits.conf
:Use your preferred text editor (likenano
orvim
) to edit the file. - Modify or Add Entries:Based on your requirements, modify existing entries or add new ones following the syntax mentioned above.
- Save the File and Exit:Once you've made the changes, save the file and exit the editor.
- Restart the System (Optional):While most changes will apply immediately or on a new session, a restart ensures all services and users are started with the new limits.
Verifying the Limitations
To verify the limits for a particular user, switch to that user and use the ulimit
command:
- Check Soft Limit for File Descriptors:
ulimit -Sn
- Check Hard Limit for File Descriptors:
ulimit -Hn
- Check Soft Limit for User Processes:
ulimit -Su
- Check Hard Limit for User Processes:
ulimit -Hu
Testing the Limitations
The infamous fork bomb :(){ :|:& };:
is a bash function that recursively creates copies of itself. It's often used to test process limitations. Warning: This script can make your system unresponsive. Use it only in a controlled environment.
- Ensure you're in a safe test environment.
- Run the Fork Bomb:
:(){ :|:& };:
- Observe the Behavior:The system should prevent the script from creating processes beyond the set limit.
Conclusion
Correctly setting user limits is a critical task for system administrators to ensure a stable and fair environment for all users. By configuring the /etc/security/limits.conf
file, you can prevent individual users from over-consuming resources and maintain the overall health of the system. Always test changes in a controlled environment before applying them to a production system.