How to limit logins and resource usage on Linux

Home > Search > How-to
  by

The ulimit -a (all) command can be used to view the current limits the system has. These limits are not on a user by user basis. Instead, these limits are system wide. 

[root@server1 ~]# ulimit -a
core file size           (blocks, -c) 0
data seg size            (kbytes, -d) unlimited
scheduling priority              (-e) 0
file size                (blocks, -f) unlimited
pending signals                  (-i) 15048
max locked memory        (kbytes, -l) 64
max memory size          (kbytes, -m) unlimited
open files                       (-n) 1024
pipe size             (512 bytes, -p) 8
POSIX message queues      (bytes, -q) 819200
real-time priority               (-r) 0
stack size               (kbytes, -s) 8192
cpu time                (seconds, -t) unlimited
max user processes               (-u) 4096
virtual memory           (kbytes, -v) unlimited
file locks                       (-x) unlimited

 

Notice the -a option lists the options for each particular limit. For example, max memory size uses the -m option. The ulimit -m option can then be used to only display max memory size for a user.

[root@server1 ~]# ulimit -m
unlimited

 

For each particular limit, a new limit can be set by using the ulimit -X int command (replace -X with the option you want to use, and replace int with the limit, such as 123456). For example, to change the limit on the maximum amount of memory that can used to 409200 KB:

[root@server1 ~]# ulimit -m 409200

 

It's important to understand the impact of making a change to a limit. You must be diligent, and do your research. For example, if you were to limit the number of processes to a very low number, such as 20 or 30, you may effectively "break" the system, as this could cause the system to no longer be able to start the process to produce the Terminal.


Limits can also be set in the /etc/security/limits.conf file. For example, to configure the system to only allow 5 users to be logged in at the same time:

*    hard    maxlogins    5

 

To only allow 3 members of the admins group to be logged in at the same time:

@admins    hard    maxlogins    3

 

Limits can also be set on the number of processes that can be run by a user or group. For example, to only allow Tim to run 50 processes:

Tim    hard    nproc    50

 

After reading the /etc/security/limit.conf file, the system will then also read files in the /etc/security/limits.d/ directory. 

@IT      hard    maxlogins    2

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments