/etc/security/limits.conf file. By setting appropriate limits, you ensure that no individual user can monopolize system resources—for instance, preventing any user from consuming 80% of the CPU.
Understanding the Limits Configuration File
The file located at /etc/security/limits.conf contains settings that control resource usage. It begins with several comments explaining the syntax and usage rules. As you scroll through the file, you will see sample entries akin to the following:
- Domain: Specifies the user or group.
- Type: Indicates whether the limit is soft, hard, or both (using -).
- Item: The resource being limited.
- Value: The maximum allowed value for the resource.
Domain Field
The domain field defines the scope of the limit:
- Username: For example, trinity.
- Group Name: Denoted by a prefix @ (e.g., @developers).
- Asterisk (*): Sets a default limit for all users not explicitly mentioned.
*) entry is used to impose a default CPU time limit of 5 minutes for every user unless overridden by a specific user configuration.
User-specific limits take precedence over global (*) entries. For instance, if trinity has a defined limit, it will override the global settings.
Detailed Examples of Configuration
Below is a detailed example illustrating how to set up different resource limits:
Explanation of Limit Types
- Hard Limit: The absolute maximum that cannot be exceeded.
  Example: If set to 30 processes, the user cannot exceed that number.
- Soft Limit: The initial threshold applied at login. Users can temporarily raise the soft limit up to the hard limit as needed.
  Example: A soft limit of 10 processes can be increased to a hard limit of 20 processes.
- Combined Limit (-): Applies the same limit to both soft and hard categories simultaneously.
trinity:
trinity has a dedicated process limit, ensuring her settings override the defaults.
Now, explore a further example that demonstrates both soft and hard limits:
trinity initially has a soft limit of 10 processes but can temporarily raise it to 20. However, the combined limit (-) enforces a strict maximum of 20 processes upon login.
Common Resource Items
Some common items you might limit include:
- nproc: Maximum number of concurrent processes.
- fsize: Maximum file size (in kilobytes). For example, 1024 KB equals 1 MB.
- cpu: CPU time limit in minutes. Note that a process running for 1 second at 100% CPU uses 1 second from the allocated CPU time, while 50% usage deducts 0.5 seconds.
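To audit which limits actually apply to an account, the following added example (not part of the original lesson) parses limits.conf-style text and resolves the effective soft and hard values for one user. The sample entries are constructed from the values discussed in this lesson; the group tier (username over @group over *) and the rule that a later line of equal rank wins are pam_limits behaviour assumed here, and the function names are hypothetical.

```python
# Constructed sample in limits.conf syntax (not the lesson's own listing).
SAMPLE = """\
# <domain>    <type>  <item>  <value>
*             hard    cpu     5
*             soft    nproc   10
*             hard    nproc   20
@developers   hard    nproc   30
trinity       -       nproc   3
trinity       soft    fsize   1024
"""

def parse(text):
    """Yield (domain, type, item, value) for each well-formed entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("soft", "hard", "-"):
            continue                           # skip anything malformed
        yield tuple(fields)

def effective_limits(text, user, groups=()):
    """Resolve {item: {"soft": v, "hard": v}} for one user.
    Assumed precedence: username > @group > '*'; among entries of equal
    rank the later line wins."""
    def rank(domain):
        if domain == user:
            return 0
        if domain.startswith("@") and domain[1:] in groups:
            return 1
        if domain == "*":
            return 2
        return None                            # entry does not apply

    best = {}                                  # (item, kind) -> (rank, value)
    for domain, typ, item, value in parse(text):
        r = rank(domain)
        if r is None:
            continue
        kinds = ("soft", "hard") if typ == "-" else (typ,)   # '-' sets both
        for kind in kinds:
            cur = best.get((item, kind))
            if cur is None or r <= cur[0]:
                best[(item, kind)] = (r, value)
    out = {}
    for (item, kind), (_, value) in best.items():
        out.setdefault(item, {})[kind] = value
    return out
```

Running it for trinity shows her `-` entry replacing both the wildcard and the group nproc values, while the wildcard cpu limit still applies to her because she has no cpu entry of her own.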
Example Combined Configuration
The following snippet represents a combined configuration example:
Setting a Custom Limit Example
To restrict trinity to a maximum of 3 concurrent processes, find the following line in your configuration:
trinity using:
trinity is limited to 3 concurrent processes. Attempting to spawn a fourth process will trigger errors similar to:
trinity’s session, simply type:
Viewing and Adjusting Current Resource Limits
You can check your current resource limits using the ulimit -a command, which displays all settings along with their units:
-u flag shows the maximum number of processes a user can run. To lower this limit (e.g., to 5000 processes), execute:
By default, a user can only decrease their limits. If both hard and soft limits exist, the soft limit can be increased up to the hard limit only once per session.
ulimit -a. Remember, any future commands can only lower the limit further unless restarted.
Conclusion
In this lesson, you have learned how to configure and enforce user resource limits in Linux through the /etc/security/limits.conf file. Properly managing these limits ensures balanced resource distribution among multiple users and maintains system stability.
For more information, refer to the Linux man pages and additional resources on system administration.