Linux System Administration for Beginners
User and Group Management
Configure user resource limits
Managing resource usage per user prevents any single account from monopolizing CPU, memory, or processes. In this guide, you’ll learn how to configure limits via /etc/security/limits.conf
, verify them, and understand each directive.
Prerequisites
- A Linux distribution with PAM-enabled login (most modern distros).
sudo
privileges to edit/etc/security/limits.conf
.
1. Back Up and Open limits.conf
Warning
Always back up system configuration files before editing.
sudo cp /etc/security/limits.conf{,.bak}
Open the file for editing:
sudo vim /etc/security/limits.conf
You’ll see a template like:
#<domain> <type> <item> <value>
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
2. Understanding limits.conf Fields
limits.conf uses four fields per line:
Field | Description |
---|---|
domain | User (trinity ), group (@developers ), or * for all users. |
type | soft (initial limit), hard (maximum ceiling), or - (both soft & hard). |
item | Resource type (e.g., nproc , fsize , cpu ). |
value | Numeric limit (units vary per item). |
2.1 Domain
username
(e.g.,trinity
)- Group with
@
prefix (e.g.,@developers
) *
for every user not otherwise matched
Example: limit user trinity
to 10 processes:
trinity hard nproc 10
2.2 Type
hard
— absolute maximum (cannot be exceeded).soft
— initial/session limit (can increase up to hard).-
— sets bothsoft
andhard
.
# Hard only
trinity hard nproc 30
# Soft only
trinity soft nproc 10
# Both soft & hard
trinity - nproc 20
2.3 Item
Resource items you can limit:
Item | Description | Example |
---|---|---|
nproc | Max processes per user session | 10 |
fsize | Max file size (KB) | 1024 |
cpu | CPU time (minutes) | 1 |
core | Core dump file size (KB) | 0 |
rss | Resident set size (KB) | 10000 |
maxlogins | Max concurrent logins per user | 4 |
… | See man limits.conf | – |
Example: file-size and CPU restrictions for trinity
:
trinity hard fsize 1024 # 1 MB max file size
trinity hard cpu 1 # 1 minute CPU time
3. Exercise: Enforce a 3-Process Limit for “trinity”
Add the following (uncommented) line to
/etc/security/limits.conf
:trinity - nproc 3
Save and exit.
3.1 Verify the Limit
# Switch to trinity
sudo -iu trinity
# Attempt to list processes
ps | less
# Try spawning a fourth
ls -a | grep bash | less
logout
3.2 Check with ulimit
ulimit -a
# ...
# max user processes (-u) 3
You can adjust soft limits on the fly:
# Raise soft limit up to hard (if below hard)
ulimit -u 5000
Note
Changes take effect on new sessions. Log out and back in to apply updates.
Use ulimit -a
to inspect all current limits.
4. References and Further Reading
Watch Video
Watch video content