2 .\" Author: [see the "AUTHOR" section]
3 .\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
5 .\" Manual: Linux-PAM Manual
6 .\" Source: Linux-PAM Manual
9 .TH "LIMITS\&.CONF" "5" "06/21/2011" "Linux-PAM Manual" "Linux\-PAM Manual"
10 .\" -----------------------------------------------------------------
11 .\" * (re)Define some macros
12 .\" -----------------------------------------------------------------
13 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14 .\" toupper - uppercase a string (locale-aware)
15 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17 .tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
19 .tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
21 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22 .\" SH-xref - format a cross-reference to an SH section
23 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33 .\" SH - level-one heading that works better for non-TTY output
34 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
36 .\" put an extra blank line of space above the head in non-TTY output
43 .nr an-prevailing-indent \\n[IN]
47 .HTML-TAG ".NH \\n[an-level]"
49 .nr an-no-space-flag 1
51 \." make the size of the head bigger
56 .\" if n (TTY output), use uppercase
61 .\" if not n (not TTY), use normal case (not uppercase)
65 .\" if not n (not TTY), put a border/line under subheading
70 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71 .\" SS - level-two heading that works better for non-TTY output
72 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
77 .nr an-prevailing-indent \\n[IN]
82 .nr an-no-space-flag 1
85 \." make the size of the head bigger
91 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92 .\" BB/BE - put background/screen (filled box) around block of text
93 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
106 .if "\\$2"adjust-for-leading-newline" \{\
114 .nr BW \\n(.lu-\\n(.i
117 .ie "\\$2"adjust-for-leading-newline" \{\
118 \M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
121 \M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
132 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133 .\" BM/EM - put colored marker in margin next to block of text
134 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
151 \M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
159 .\" -----------------------------------------------------------------
160 .\" * set default formatting
161 .\" -----------------------------------------------------------------
162 .\" disable hyphenation
164 .\" disable justification (adjust text to left margin only)
166 .\" -----------------------------------------------------------------
167 .\" * MAIN CONTENT STARTS HERE *
168 .\" -----------------------------------------------------------------
170 limits.conf \- configuration file for the pam_limits module
173 The syntax of the lines is as follows:
181 The fields listed above should be filled as follows:
207 syntax\&. This should not be confused with netgroups\&.
219 \fB*\fR, for default entry\&.
231 \fB%\fR, for maxlogins limit only, can also be used with
235 wildcard is used alone it is identical to using
237 with maxsyslogins limit\&. With a group specified after
239 it limits the total number of logins of all users that are member of the group\&.
250 an uid range specified as
251 \fI<min_uid>\fR\fB:\fR\fI<max_uid>\fR\&. If min_uid is omitted, the match is exact for the max_uid\&. If max_uid is omitted, all uids greater than or equal min_uid match\&.
262 a gid range specified as
263 \fB@\fR\fI<min_gid>\fR\fB:\fR\fI<max_gid>\fR\&. If min_gid is omitted, the match is exact for the max_gid\&. If max_gid is omitted, all gids greater than or equal min_gid match\&. For the exact match all groups including the user\'s supplementary groups are examined\&. For the range matches only the user\'s primary group is examined\&.
276 applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&.
287 resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&.
294 resource limits\&. These limits are ones that the user can move up or down within the permitted range by any pre\-existing
296 limits\&. The values specified with this token can be thought of as
298 values, for normal system usage\&.
307 resource limits together\&.
309 Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\&. \&.
318 limits the core file size (KB)
323 maximum data size (KB)
328 maximum filesize (KB)
333 maximum locked\-in\-memory address space (KB)
338 maximum number of open files
343 maximum resident set size (KB) (Ignored in Linux 2\&.4\&.30 and higher)
348 maximum stack size (KB)
353 maximum CPU time (minutes)
358 maximum number of processes
363 address space limit (KB)
368 maximum number of logins for this user except for this with
374 maximum number of all logins on system
379 the priority to run user process with (negative values boost process priority)
384 maximum locked files (Linux 2\&.4 and higher)
389 maximum number of pending signals (Linux 2\&.6 and higher)
394 maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher)
399 maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher) values: [\-20,19]
404 maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
408 All items support the values
413 indicating no limit, except for
418 If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value
420 is used, the module will reject the login if a limit could not be set\&.
422 In general, individual limits have priority over group limits, so if you impose no limits for
424 group, but one of the members in this group have a limits line, the user will have its limits set according to this line\&.
426 Also, please note that all limit settings are set
427 \fIper login\fR\&. They are not global, nor are they permanent; existing only for the duration of the session\&.
431 configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\&.
433 The pam_limits module does report configuration problems found in its configuration file and errors via
437 These are some example lines which might be specified in
438 \FC/etc/security/limits\&.conf\F[]\&.
449 .BB lightgray adjust-for-leading-newline
454 @student hard nproc 20
455 @faculty soft nproc 20
456 @faculty hard nproc 50
458 @student \- maxlogins 4
461 600:700 hard locks 10
463 .EB lightgray adjust-for-leading-newline
483 pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>