Friday, August 07, 2009

Set limits on users

The ulimit programs allow to limit system-wide resource use using a normal configuration file - /etc/security/limits.conf. This can help a lot in system administration, e.g. when a user starts too many processes and therefore makes the system unresponsive for other users.

$ ulimit -a

core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 20
file size (blocks, -f) unlimited
pending signals (-i) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) unlimited
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Example;

smartgeek hard nproc 20
@geeks hard nproc 50

Above will prevent user “smartgeek” to create more than 20 process and anyone in the geeks group from having more than 50 processes.

There are many more setting and limits that you can set on a particular user or to a entire group like ..

using below configuration will prevent any users in the system to logins not more than 3 places at same time.
* hard maxlogins 3

Limit on size of core file
* hard core 0

No comments: