Skip to content

Ulimit: Using System Limits

Introduction

The ulimit programs allow to limit system-wide resource use using a normal configuration file - /etc/security/limits.conf. This can help a lot in system administration, e.g. when a user starts too many processes and therefore makes the system unresponsive for other users.

Usage

Linux

1
ulimit -a

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 7671
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) 811664
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 7671
virtual memory          (kbytes, -v) 1175120
file locks                      (-x) unlimited

All these settings can be manipulated. A good example is this forkbomb that forks as many processes as possible and can crash systems where no user limits are set

Now this is not good - any user with shell access to your box could take it down. But if that user can only start 20 processes the damage will be minimal. So let's set a process limit of MAX 20 process for a particular users in the system, this can be done by inserting the simple one line in limit.conf file.

Following will prevent a "fork bomb" (/etc/security/limits.conf):

1
2
deimos hard nproc 20
@group1 hard nproc 50

Above will prevent user "deimos" to create more than 20 process and anyone in the group1 from having more than 50 processes.

There are many more setting and limits that you can set on a particular user or to a entire group like..

Using below configuration will prevent any users in the system to logins not more than 3 places at same time (/etc/security/limits.conf):

1
hard maxlogins 3

Limit on size of core file (/etc/security/limits.conf):

1
hard core 0

Solaris

To get all information:

1
ulimit -a

To display a process' current file descriptor limit, run:

1
/usr/proc/bin/pfiles pid

Remove the grep to see all files linked to a process.

To change the files descriptor for example:

1
ulimit -n 1024