limits.conf File To Limit Users, Process In Linux With Examples
Last Updated :
10 Feb, 2023
Linux gives full control over the system. In this article, we are going to learn about the file limits.conf. limits.conf is a configuration that is used to limit the resources to the user, groups. Now let's understand the file structure of limits.conf and how can we use the limits.conf to limit resources to the user. Before moving further, note that to edit this file, you must have root permission.
The complete path of the limits.config is :
/etc/security/limits.conf
pam_module is a module that uses ulimit command to apply limits from limits.conf file.
The basic syntax of the limits.conf file is :
<domain><type><item><value>
Now let's understand each field one by one
domain
In this field, we need to name whom we are going to limit. The following can be values of this field
- username
- group name
- * specifies all
- userid
- groupid
type
In this field, we mention which type of limits we are going to apply to the mentioned domain. This field has two values, soft or hard
- Hard: The user can not cross the mentioned values.
- Soft: User can cross the mentioned value till previse Hard value.
item
This field mentions which resource we are going to limit for the mentioned domain. Here are some values for this field
- core: limits the core file size in KB
- data: maximum data size in KB
- fsize: maximum file size in KB
- stack: maximum stack size in KB
- cpu: maximum CPU time is minuted
To see all values of this field, please read the man of limits.conf
value
This field stores the values for the mentioned limit.
Limit for user
Now let's see how we can limit the user by using the limits.conf file. We are going to understand this by taking an example. So to limit users, we need to mention username as a domain field. In this example, GFG is the user. After that we have to mention the type of limit, in this example, we set hard type. Now to set items first we are needed to choose any item from the available item so in this example, we have chosen to use CPU item. Now we have to mention value the value of item CPU is must be in minutes, so for this example let's mention the value as 10 minutes. Here is our limit :
gfg hard cpu 10
Limit for Group
To limit the group we can use the same format and value used for value and item but instead of username mention the group name. Here is one example with employee group
employee hard nproc 30
Using wildcards to apply limits
We had seen the one domain as the * (asterisk). To apply the limit to the whole system, we can use this wildcard domain. Here is an example with a wildcard to apply limited number of logins on the system.
* - maxsyslogins 20
After applying this limit, the maximum number of logins to the system is 20.
Specify User ID Range For Limit
When we want to specify one limit to the multiple users, but the users do not belong to the same group, we can specify the range of the user for which the limit has to apply. When we mention the user ID range, then the mentioned limit is applied to user IDs that belong to that range. To specify the range, use : operation. Here is an example:
1000:1020 hard nproc 50
This limit will be applied to the user IDs in the range of 1000 to 1020.
Specify Group ID Range For Limit
Same as for user IDs, when we have to apply the same limit to multiple group IDs we can specify the range of group IDs. Use the : operator to mention the range.
@500:505 soft cpu 10000
This limit will be applied to Group IDs in the range between 500 and 505.
Limit Number of Process
Now let's explore more items than mentioned above list. There is one item called nproc by using this option we can limit the number for the user or group ID. So limit the number of processes for user gfg use the following limit.
gfg hard nproc 50
After applying this limit, the user gfg will maximum own 50 processes.
Limit CPU Time
There is another item called cpu which is used to limit the CPU time for the mentioned user or group. So to limit the CPU time 1000 cycle to user gfg uses the following limit:
gfg soft cpu 0000
Limit Number Of Open File
nofile is an item by using which we can limit the maximum number of files that can be opened by the user. So to limit the maximum 227 number of files that can be opened by user gfg use the following limit
gfg hard nofile 227
Limit Number Of Logins
By default, systems allow us to unlimited logins on the system, but it can create a security issue. So to avoid the security issue, we can limit the number of logins of the user or group of users. We can use maxlogins item to limit the number of logins of users of groups to the system. So to limit 10 logins by the user group gfg, we can use the following limit:
@gfg - maxlogins 10
Limit Number Of System Logins
In the previous example, we see how we can limit the number of logins of the user group to the system. Now to limit the maximum number of logins to the whole system we can use maxsyslogins item. So to limit 50 maximum number of logins to the system use the following limit:
* - maxsyslogins 50
This limit is applied to the whole system and not for any specific user and group of users.
Limit Maximum File Size
We can limit the file size of the file by using the fsize item. This limit can be useful to restrict temp or similar usage type files. So to limit gfg having a single file size of 4 GB we can use the following limit:
@gfg - fsize 4000000
The file size is presented in the KB. Use the different domains and items to apply different limits on the user, system, and groups.
Now to know the limits on the process we can use the cat command with process PID to know process PID use ps command.
cat /proc/PID/limits
Here is example
The output is the same as the limits.conf file fields. To know more about the limits.conf file setting use man command
man limits.conf
Similar Reads
users command in Linux with Examples
users command in Linux system is used to show the user names of users currently logged in to the current host. It will display who is currently logged in according to FILE. If the FILE is not specified, use "/var/run/utmp". "/var/log/wtmp" as FILE is common. Syntaxusers [OPTION]... [FILE]where,OPTIO
2 min read
nproc Command in Linux with Examples
nproc It is a simple Unix command which is used to print the number of processing units available in the system or to the current process. This command could be used in system diagnostics and related purposes. It is part of GNU Core utils, so it comes pre-installed with all modern Linux operating sy
3 min read
usermod command in Linux with Examples
usermod command or modify user is a command in Linux that is used to change the properties of a user in Linux through the command line. After creating a user we have to sometimes change their attributes like password or login directory etc. so in order to do that we use the Usermod command. The info
4 min read
Ulimit, Soft Limits and Hard Limits in Linux
ulimit is admin access required Linux shell command which is used to see, set, or limit the resource usage of the current user. It is used to return the number of open file descriptors for each process. It is also used to set restrictions on the resources used by a process. Syntax: To check the ulim
2 min read
username Command in Linux With Examples
Linux as an operating system holds the capabilities of handling multiple users each with a username and a display name (Full Name). So it is important to keep a check on the users and their related information in order to maintain the integrity and security of the system. Whenever a user is added it
4 min read
iptables command in Linux with Examples
The iptables command in Linux is a powerful tool that is used for managing the firewall rules and network traffic. It facilitates allowing the administrators to configure rules that help how packets are filtered, translated, or forwarded. On using this iptables, you can set up security policies to c
7 min read
setsid command in Linux with Examples
setsid command in Linux system is used to run a program in a new session. The command will call the fork(2) if already a process group leader. Else, it will execute a program in the current process. The main advantage of using 'setsid' is that it allows programs to run independently of the terminal
3 min read
Finger command in Linux with Examples
The 'finger' command is a powerful utility in Linux used to display information about users logged into the system. This command is commonly used by system administrators to retrieve detailed user information, including login name, full name, idle time, login time, and sometimes the user's email add
4 min read
sudo Command in Linux with Examples
sudo (Super User DO) command in Linux is generally used as a prefix for some commands that only superusers are allowed to run. If you prefix any command with "sudo", it will run that command with elevated privileges or in other words allow a user with proper permissions to execute a command as anoth
8 min read
read command in Linux with Examples
read command in the Linux system is used to read from a file descriptor. This command reads up the total number of bytes from the specified file descriptor into the buffer. If the number or count is zero, this command may detect errors. But on success, it returns the number of bytes read. Zero indic
3 min read