Defines process resource limits for users.
The /etc/security/limits file defines process resource limits for users. This file is an ASCII file that contains stanzas that specify the process resource limits for each user. These limits are set by individual attributes within a stanza.
Each stanza is identified by a user name followed by a colon, and contains attributes in the Attribute=Value form. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character. If you do not define an attribute for a user, the system applies default values.
If the hard values are not explicitly defined in the /etc/security/limits file but the soft values are, the system substitutes the following values for the hard limits:
Resource | Hard Value |
---|---|
Core Size | unlimited |
CPU Time | cpu |
Data Size | unlimited |
File Size | fsize |
Memory Size | unlimited |
Stack Size | 4194304 |
File Descriptors | unlimited |
Threads | unlimited |
Processes | unlimited |
If the hard values are explicitly defined but the soft values are not, the system sets the soft values equal to the hard values.
You can set the following limits on a user:
Limit | Description |
---|---|
fsize | Identifies the soft limit for the largest file a user's process can create or extend. |
core | Specifies the soft limit for the largest core file a user's process can create. |
cpu | Sets the soft limit for the largest amount of system unit time (in seconds) that a user's process can use. |
data | Identifies the soft limit for the largest process data segment for a user's process. |
stack | Specifies the soft limit for the largest process stack segment for a user's process. |
rss | Sets the soft limit for the largest amount of physical memory a user's process can allocate. This limit is not enforced by the system. |
nofiles | Sets the soft limit for the number of file descriptors a user process may have open at one time. |
threads | Sets the soft limit for the number of threads per process. |
nproc | Sets the soft limit for the number of processes per user. |
core_hard | Specifies the largest core file a user's process can create. |
cpu_hard | Sets the largest amount of system unit time (in seconds) that a user's process can use. |
data_hard | Identifies the largest process data segment for a user's process. |
fsize_hard | Identifies the largest file a user's process can create or extend. |
rss_hard | Sets the largest amount of physical memory a user's process can allocate. This limit is not enforced by the system. |
stack_hard | Specifies the largest process stack segment for a user's process. |
nofiles_hard | Sets the hard limit for the number of file descriptors a user process may have open at one time. |
threads_hard | Sets the hard limit for the number of threads per process. |
nproc_hard | Sets the hard limit for the number of processes per user. |
Except for the cpu, nofiles, threads, and nproc attributes, each attribute must be a decimal integer string that represents the number of 512-byte blocks allotted to a user. This decimal integer represents a 32-bit value and can have a maximum value of 2147483647. The cpu and nofiles attributes represent, respectively, the maximum number of seconds of system time that a user's process can use and the maximum number of files a user's process can have open at one time. The threads attribute represents the maximum number of threads each process can create. The nproc attribute represents the maximum number of processes each user can create. For an example of a limits stanza, see the "Examples" section.
Access Control: This file should grant read (r) access to the root user and members of the security group, and write (w) access only to the root user. Access for other users and groups depends upon the security policy for the system.
Auditing Events:
Event | Information |
---|---|
S_LIMITS_WRITE | file name |
A typical record looks like the following example for user dhs:
```
dhs:
        fsize = 8192
        core = 4096
        cpu = 3600
        data = 1272
        stack = 1024
        rss = 1024
        nofiles = 2000
        threads = -1
        nproc = -1
```
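The soft/hard substitution rules described earlier can be checked mechanically when reviewing a limits file. The following Python code is an added example, not part of the original documentation or of AIX: it parses stanzas, applies the substitution table, and lists resources whose effective hard limit is unlimited while the soft limit is finite, since a process can raise its own soft limit up to the hard limit. It assumes that -1 means unlimited and that lines beginning with `*` are comments; the function names and the `ops` stanza are constructed for illustration.

```python
UNLIMITED = -1  # assumption: -1 denotes "unlimited", as in the dhs stanza
RESOURCES = ("fsize", "core", "cpu", "data", "stack", "rss",
             "nofiles", "threads", "nproc")
# Hard value substituted when only the soft value is defined (table above).
# None means "copy the soft value" (the cpu and fsize rows).
HARD_FALLBACK = {"core": UNLIMITED, "cpu": None, "data": UNLIMITED,
                 "fsize": None, "rss": UNLIMITED, "stack": 4194304,
                 "nofiles": UNLIMITED, "threads": UNLIMITED, "nproc": UNLIMITED}

def parse_limits(text):
    """Return {user: {attribute: int}} from limits-file text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank, or comment (assumed '*')
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = int(value.strip())
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return stanzas

def effective(stanza):
    """Return {resource: (soft, hard)}; None where the system default applies."""
    out = {}
    for res in RESOURCES:
        soft, hard = stanza.get(res), stanza.get(res + "_hard")
        if soft is not None and hard is None:
            fallback = HARD_FALLBACK[res]
            hard = soft if fallback is None else fallback
        elif hard is not None and soft is None:
            soft = hard  # soft value follows an explicit hard value
        out[res] = (soft, hard)
    return out

def raisable(stanza):
    """Resources with a finite soft limit but an unlimited hard limit."""
    return sorted(r for r, (s, h) in effective(stanza).items()
                  if h == UNLIMITED and s not in (None, UNLIMITED))

# Constructed sample input: part of the dhs stanza plus a hypothetical user.
SAMPLE = ("dhs:\n\tfsize = 8192\n\tcore = 4096\n\tcpu = 3600\n\tstack = 1024\n"
          "\n* constructed stanza\nops:\n\tnofiles_hard = 4096\n")
if __name__ == "__main__":
    for user, stanza in parse_limits(SAMPLE).items():
        print(user, effective(stanza), raisable(stanza))
```

For the full dhs stanza, the resources reported are core, data, nofiles and rss: their soft values are set, but with no `_hard` attributes the hard limits fall back to unlimited.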
Item | Description |
---|---|
/etc/security/limits | Specifies the path to the file. |
/etc/group | Contains the basic group attributes. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/passwd | Contains the basic user attributes. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/environ | Contains the environment attributes of users. |
/etc/security/audit/config | Contains audit-system configuration information. |
/usr/lib/security/mkuser.default | Contains the default values for user accounts. |
/etc/security/lastlog | Contains last login information. |