/ operating systems have the ability to limit the amount of various system resources available to a user process. These limitations include how many files a process can have open, how large of a the user can create, and how much memory can be used by the different components of the process such as the stack, data and text segments. ulimit is the used to accomplish this.

1 – About

Limiting user processes is important for running a stable system. To limit user process, you have just to set shell limit by adding:

  • a user name
  • or group name
  • or all users

to /etc//limits.conf file and impose then process limitations.

Example of /etc/security/limits.conf file

*               hard    nofile          65535
*               soft    nofile          4096
@student        hard    nproc           16384
@student        soft    nproc           2047

A soft limit is like a warning and hard limit is a real max limit. For example, following will prevent anyone in the student group from having more than 50 processes, and a warning will be given at 30 processes.

@student        hard    nproc           50
@student        soft    nproc           30

Hard limits are maintained by the  while the soft limits are enforced by the shell.

2 – Syntax of the /etc/security/limits.conf file

The /etc/security/limits.conf file contains a list line where each line describes a limit for a user in the form of:

<domain> <type> <item> <shell limit value>

Where:

  • <domain> can be:
    • an user name
    • a group name, with @group syntax
    • the wildcard *, for default entry
    • the wildcard %, can be also used with %group syntax, for maxlogin limit
  • <type> can have the two values:
    • “soft” for enforcing the soft limits (soft is like warning)
    • “hard” for enforcing hard limits (hard is a real max limit)
  • <item> can be one of the following:
    • core – limits the core file size (KB)
  • <shell limit value> can be one of the following:
    • core – limits the core file size (KB)
    • data – max data size (KB)
    • fsize – maximum filesize (KB)
    • memlock – max locked-in-memory address space (KB)
    • nofile – Maximum number of open file descriptors
    • rss – max resident set size (KB)
    • stack – max stack size (KB) – Maximum size of the stack segment of the process
    • – max time (MIN)
    • nproc – Maximum number of processes available to a single user
    • as – address space limit
    • maxlogins – max number of logins for this user
    • maxsyslogins – max number of logins on the system
    • priority – the priority to run user process with
    • locks – max number of file locks the user can hold
    • sigpending – max number of pending signals
    • msgqueue – max memory used by POSIX message queues (bytes)
    • nice – max nice priority allowed to raise to
    • rtprio – max realtime priority
    • chroot – change to directory (-specific)

4 – How to

4.1 – Set the limitations

  • Open the /etc/security/limits.conf file and change the existing values for “hard” and “soft” parameters as it’s given in your installation documentation.
  • Restart the system after making changes.
# vi /etc/security/limits.conf
#[domain]        [type]  [item]  [value]

*               -       core             [value]
*               -       data             [value]
*               -       priority         [value]
*               -       fsize            [value]
*               soft    sigpending       [value] eg:57344
*               hard    sigpending       [value] eg:57444
*               -       memlock          [value]
*               -       nofile           [value] eg:1024
*               -       msgqueue         [value] eg:819200
*               -       locks            [value]
*               soft    core             [value]
*               hard    nofile           [value]
@[group]        hard    nproc            [value]
[user]          soft    nproc            [value]
%[group]        hard    nproc            [value]
[user]          hard    nproc            [value]
@[group]        -       maxlogins        [value]
[user]          hard    cpu              [value]
[user]          soft    cpu              [value]
[user]          hard    locks            [value]

[domain] can be:

  • an user name
  • a group name, with @group syntax
  • the wildcard *, for default entry
  • the wildcard %, can be also used with %group syntax, for maxlogin limit

[type] can have the two values:

  • soft” for enforcing the soft limits
  • hard” for enforcing hard limits

[item] can be one of the following:

  • core – limits the core file size (KB)
  • data – max data size (KB)
  • fsize – maximum filesize (KB)
  • memlock – max locked-in-memory address space (KB)
  • nofile – max number of open files
  • rss – max resident set size (KB)
  • stack – max stack size (KB)
  • cpu – max CPU time (MIN)
  • nproc – max number of processes
  • as – address space limit (KB)
  • maxlogins – max number of logins for this user
  • maxsyslogins – max number of logins on the system
  • priority – the priority to run user process with
  • locks – max number of file locks the user can hold
  • sigpending – max number of pending signals
  • msgqueue – max memory used by POSIX message queues (bytes)
  • nice – max nice priority allowed to raise to values: [-20, 19]
  • rtprio – max realtime priority

More details can be found from below command:

# man limits.conf

4.2 – Verify the limitations

To check the soft and hard limits, log as the user and enter the following ulimit command:

Limitation Soft Hard
file descriptor ulimit -Sn ulimit -Hn
number of processes available to a user ulimit -Su ulimit -Hu
stack ulimit -Ss ulimit -Hs

4.3 – Test the limitations

The following bash function:

:(){
 :|:&
};:

or

:(){ :|:& };:

is a recursive function and is often used by sys admin to test user processes limitations.

Print Friendly, PDF & Email

Comments

comments

Bài viết liên quan