Linux - Resource Manager - Processes limitations (/etc/security/limits.conf)

About

Limiting user processes is important for running a stable system. To limit user process resource, you have just to set shell limit by adding:

  • a user name
  • or group name
  • or all users

to /etc/security/limits.conf file and impose then process limitations.

Example of /etc/security/limits.conf file

*               hard    nofile          65535
*               soft    nofile          4096
@student        hard    nproc           16384
@student        soft    nproc           2047

A soft limit is like a warning and hard limit is a real max limit. For example, following will prevent anyone in the student group from having more than 50 processes, and a warning will be given at 30 processes.

@student        hard    nproc           50
@student        soft    nproc           30

Hard limits are maintained by the kernel while the soft limits are enforced by the shell.

Syntax of the /etc/security/limits.conf file

The /etc/security/limits.conf file contains a list line where each line describes a limit for a user in the form of:

<domain> <type> <item> <shell limit value>

Where:

  • <domain> can be:
    • a group name, with @group syntax
    • the wildcard *, for default entry
    • the wildcard %, can be also used with %group syntax, for maxlogin limit
  • <type> can have two values:
    • “soft” for enforcing the soft limits (soft is like warning)
    • “hard” for enforcing hard limits (hard is a real max limit)
  • <item> can be one of the following:
    • core - limits the core file size (KB)
  • <shell limit value> can be one of the following:
    • core - limits the core file size (KB)
    • data - max data size (KB)
    • fsize - maximum filesize (KB)
    • memlock - max locked-in-memory address space (KB)
    • nofile - Maximum number of open file descriptors
    • rss - max resident set size (KB)
    • stack - max stack size (KB) - Maximum size of the stack segment of the process
    • cpu - max CPU time (MIN)
    • nproc - Maximum number of processes available to a single user
    • as - address space limit
    • maxlogins - max number of logins for this user
    • maxsyslogins - max number of logins on the system
    • priority - the priority to run user process with
    • locks - max number of file locks the user can hold
    • sigpending - max number of pending signals
    • msgqueue - max memory used by POSIX message queues (bytes)
    • nice - max nice priority allowed to raise to
    • rtprio - max realtime priority
    • chroot - change root to directory (Debian-specific)

How to

Set the limitations

  • Open the /etc/security/limits.conf file and change the existing values for “hard” and “soft” parameters as it's given in your installation documentation.
  • Restart the system after making changes.

If the current value for any parameter is higher than the value listed in the installation document, then do not change the value of that parameter.

*               hard    nofile          65535
*               soft    nofile          4096
*               hard    nproc           16384
*               soft    nproc           2047

Verify the limitations

To check the soft and hard limits, log as the user and enter the following ulimit command:

Limitation Soft Hard
file descriptor ulimit -Sn ulimit -Hn
number of processes available to a user ulimit -Su ulimit -Hu
stack ulimit -Ss ulimit -Hs

Test the limitations

The following bash function:

:(){
 :|:&
};:

or

:(){ :|:& };:

is a recursive function and is often used by sys admin to test user processes limitations.

Documentation / Reference





Discover More
Card Puncher Data Processing
Axon - Installation version 5.3

Disk: 200 GB Memory: 24 GB CPU Cores: 4 OS: RedHat Linux version 7.x Memory at least 16 GB memory available Applications: unzip, tar, RPM, In, setfacl, YUM, sed rpm package: apr-1.4.8 ...
Azure Firewall Public Ip Restriction
Azure - Oracle Database Manually Installation on Linux

The installation of the Oracle database on bare-bone Linux. For a quick an dirty installation, see Creation of a VM with Oracle Linux 7 Update 4 and a Standard_DS1_v2...
Card Puncher Data Processing
EBS - E-Business Suite 12.1.1 Standard Installation on Linux OEL 5.3

/appsutil/log/ /logs first line Oracle® E-Business Suite Installation Guide: Using Rapid Install Release 12.1 (12.1.1) Part...
Card Puncher Data Processing
Exalytics - Timesten Configuration

Timesten on Exalytics To set the resource limits for TimesTen: Make the following changes and additions to the /etc/security/limits.conf file: Make the following shared memory kernel settings in...
Process Explorer Handle Open File Search
File System - File Descriptor or Handle (Open File)

A file descriptor (Unix, Linux) or a file handle (Windows) is the connection id (generally to a file) from the Operating system in order to perform IO operations (Input/Ouput of Bytes). For Wikipedia,...
Linux - Process Resource Management

Process resource management in Linux process restriction: cgroups process priority: user restriction:
Linux - ulimit (shell ressource control)

the soft limit freely in the range of 0... the hard limit too, but can only decrease it. limits.conf“”
Obi Edition
OBIEE 10G - Linux OEL 5 x86 Installation version 10.1.3.4.1

Open the Set the JavaHome parameter to the point to the new JDK location. For example, . tail Oracle BI Java Host start-up details: /usr/local/OracleBIData/web/log/javahost.out.log Oracle BI Java...
Obiee 11.1 Internet Explorer 6 Not Supported
OBIEE 11g - Oracle Business Intelligence 11.1 Simple installation steps on Windows and OEL Linux 32 bit

Open the setSOADomainEnv.cmd file, located in your Update the PORT_MEM_ARGS entry as follows: set PORT_MEM_ARGS=-Xms512m -Xmx1024m Save the file and close. ;-) Oracle®...



Share this page:
Follow us:
Task Runner