Limiting user processes is important for running a stable system. To limit user process resource, you have just to set shell limit by adding:
to /etc/security/limits.conf file and impose then process limitations.
Example of /etc/security/limits.conf file
* hard nofile 65535
* soft nofile 4096
@student hard nproc 16384
@student soft nproc 2047
A soft limit is like a warning and hard limit is a real max limit. For example, following will prevent anyone in the student group from having more than 50 processes, and a warning will be given at 30 processes.
@student hard nproc 50
@student soft nproc 30
Hard limits are maintained by the kernel while the soft limits are enforced by the shell.
The /etc/security/limits.conf file contains a list line where each line describes a limit for a user in the form of:
<domain> <type> <item> <shell limit value>
Where:
If the current value for any parameter is higher than the value listed in the installation document, then do not change the value of that parameter.
* hard nofile 65535
* soft nofile 4096
* hard nproc 16384
* soft nproc 2047
To check the soft and hard limits, log as the user and enter the following ulimit command:
Limitation | Soft | Hard |
---|---|---|
file descriptor | ulimit -Sn | ulimit -Hn |
number of processes available to a user | ulimit -Su | ulimit -Hu |
stack | ulimit -Ss | ulimit -Hs |
The following bash function:
:(){
:|:&
};:
or
:(){ :|:& };:
is a recursive function and is often used by sys admin to test user processes limitations.