The limits.conf file, along with files in the /etc/security/limits.d directory, controls how many system resources users can consume on a Linux system. This is handled by the pam_limits.so module and helps prevent a single user or process from monopolizing resources and affecting system stability.
WHAT ARE RESOURCE LIMITS?
Resource limits define how much of a system's resources a user or a group of users can use. These resources include things like:
CPU time: How long a process can use the processor.
Memory: How much RAM a process can occupy.
Open files: The maximum number of files a user can have open simultaneously.
Processes: The maximum number of programs or tasks a user can run.
Login sessions: The total number of times a user or group can be logged in.
HOW LIMITS.CONF WORKS
The limits.conf file uses a simple, four-column structure for each rule:
<domain> <type> <item> <value>
Let's break down each part:
DOMAIN: WHO THE LIMIT APPLIES TO
This specifies who the rule affects. It can be:
A specific username: e.g., john
A group: Use @groupname, e.g., @students.
Everyone: Use the wildcard *.
For login limits only: Use % for all system logins or %groupname for total logins for a specific group.
User ID (UID) ranges: e.g., 1000:2000 for users with UIDs between 1000 and 2000.
Group ID (GID) ranges: e.g., @100:200 for groups with GIDs between 100 and 200.
Specific GID for maxlogins: e.g., %:500 for users in the group with GID 500.
TYPE: HARD VS. SOFT LIMITS
This defines how strictly the limit is enforced:
hard: These are strict limits set by the system administrator. Users cannot exceed these limits.
soft: These are flexible limits that users can adjust downwards, but not above the hard limit. Think of them as default recommendations.
- (hyphen): Applies both soft and hard limits at the same time.
ITEM: WHAT RESOURCE IS BEING LIMITED
This specifies the resource you are limiting. Some common examples include:
core: Size of core dump files.
data: Maximum data segment size.
fsize: Maximum file size.
nofile: Maximum number of open files.
nproc: Maximum number of processes.
cpu: Maximum CPU time (in minutes).
maxlogins: Maximum number of simultaneous logins for a user.
maxsyslogins: Maximum number of simultaneous logins on the entire system.
priority: The "nice" priority of processes.
stack: Maximum stack size.
Most items support -1, unlimited, or infinity to mean no limit.
VALUE: THE LIMIT ITSELF
This is the numerical value for the limit you are setting, corresponding to the item. The units are usually specified in the item's description (e.g., KB for memory sizes, minutes for CPU time).
IMPORTANT CONSIDERATIONS
Per Login Session: Limits are applied when a user logs in and last only for that specific session. They are not system-wide permanent settings.
Individual Over Group: If a user has an individual limit set, it will override any group limits they are a part of.
Comments: Lines starting with # are comments and are ignored.
Error Reporting: The pam_limits module logs any configuration issues to syslog.
EXAMPLES
Here are a few common examples of how you might set limits:
* soft core 0
This sets the soft limit for core file size to 0 for all users. This prevents core dump files from being created by default.
* hard nofile 512
This sets a hard limit of 512 for the number of open files for all users. No user can open more than 512 files.
@student hard nproc 20
Users in the student group are limited to a hard maximum of 20 processes.
@faculty soft nproc 20
Users in the faculty group have a soft limit of 20 processes.
@faculty hard nproc 50
Users in the faculty group have a hard limit of 50 processes.
ftp hard nproc 0
The ftp user cannot run any processes.
@student - maxlogins 4
Users in the student group are limited to a maximum of 4 simultaneous logins (both soft and hard).
Understanding and configuring limits.conf is crucial for maintaining a stable and fair multi-user Linux environment.
The limits.conf file, along with files in the /etc/security/limits.d directory, controls how many system resources users can consume on a Linux system. This is handled by the pam_limits.so module and helps prevent a single user or process from monopolizing resources and affecting system stability.
WHAT ARE RESOURCE LIMITS?
Resource limits define how much of a system's resources a user or a group of users can use. These resources include things like:
CPU time: How long a process can use the processor.
Memory: How much RAM a process can occupy.
Open files: The maximum number of files a user can have open simultaneously.
Processes: The maximum number of programs or tasks a user can run.
Login sessions: The total number of times a user or group can be logged in.
HOW LIMITS.CONF WORKS
The limits.conf file uses a simple, four-column structure for each rule:
<domain> <type> <item> <value>
Let's break down each part:
DOMAIN: WHO THE LIMIT APPLIES TO
This specifies who the rule affects. It can be:
A specific username: e.g.,
johnA group: Use
@groupname, e.g.,@students.Everyone: Use the wildcard
*.For login limits only: Use
%for all system logins or%groupnamefor total logins for a specific group.User ID (UID) ranges: e.g.,
1000:2000for users with UIDs between 1000 and 2000.Group ID (GID) ranges: e.g.,
@100:200for groups with GIDs between 100 and 200.Specific GID for maxlogins: e.g.,
%:500for users in the group with GID 500.
TYPE: HARD VS. SOFT LIMITS
This defines how strictly the limit is enforced:
hard: These are strict limits set by the system administrator. Users cannot exceed these limits.soft: These are flexible limits that users can adjust downwards, but not above thehardlimit. Think of them as default recommendations.-(hyphen): Applies bothsoftandhardlimits at the same time.
ITEM: WHAT RESOURCE IS BEING LIMITED
This specifies the resource you are limiting. Some common examples include:
core: Size of core dump files.data: Maximum data segment size.fsize: Maximum file size.nofile: Maximum number of open files.nproc: Maximum number of processes.cpu: Maximum CPU time (in minutes).maxlogins: Maximum number of simultaneous logins for a user.maxsyslogins: Maximum number of simultaneous logins on the entire system.priority: The "nice" priority of processes.stack: Maximum stack size.
Most items support -1, unlimited, or infinity to mean no limit.
VALUE: THE LIMIT ITSELF
This is the numerical value for the limit you are setting, corresponding to the item. The units are usually specified in the item's description (e.g., KB for memory sizes, minutes for CPU time).
IMPORTANT CONSIDERATIONS
Per Login Session: Limits are applied when a user logs in and last only for that specific session. They are not system-wide permanent settings.
Individual Over Group: If a user has an individual limit set, it will override any group limits they are a part of.
Comments: Lines starting with
#are comments and are ignored.Error Reporting: The
pam_limitsmodule logs any configuration issues tosyslog.
EXAMPLES
Here are a few common examples of how you might set limits:
* soft core 0This sets the
softlimit for core file size to 0 for all users. This prevents core dump files from being created by default.
* hard nofile 512This sets a
hardlimit of 512 for the number of open files for all users. No user can open more than 512 files.
@student hard nproc 20Users in the
studentgroup are limited to ahardmaximum of 20 processes.
@faculty soft nproc 20Users in the
facultygroup have asoftlimit of 20 processes.
@faculty hard nproc 50Users in the
facultygroup have ahardlimit of 50 processes.
ftp hard nproc 0The
ftpuser cannot run any processes.
@student - maxlogins 4Users in the
studentgroup are limited to a maximum of 4 simultaneous logins (bothsoftandhard).
Understanding and configuring limits.conf is crucial for maintaining a stable and fair multi-user Linux environment.