1 <?xml version="1.0" encoding='UTF-8'?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
5 <refentry id="limits.conf">
8 <refentrytitle>limits.conf</refentrytitle>
9 <manvolnum>5</manvolnum>
10 <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
14 <refname>limits.conf</refname>
15 <refpurpose>configuration file for the pam_limits module</refpurpose>
18 <refsect1 id='limits.conf-description'>
19 <title>DESCRIPTION</title>
21 The syntax of the lines is as follows:
24 <replaceable><domain></replaceable> <replaceable><type></replaceable>
25 <replaceable><item></replaceable> <replaceable><value></replaceable>
28 The fields listed above should be filled as follows:
33 <option><domain></option>
44 a groupname, with <emphasis remap='B'>@group</emphasis> syntax.
45 This should not be confused with netgroups.
50 the wildcard <emphasis remap='B'>*</emphasis>, for default entry.
55 the wildcard <emphasis remap='B'>%</emphasis>, for maxlogins limit only,
56 can also be used with <emphasis remap='B'>%group</emphasis> syntax. If the
57 <emphasis remap='B'>%</emphasis> wildcard is used alone it is identical
58 to using <emphasis remap='B'>*</emphasis> with maxsyslogins limit. With
59 a group specified after <emphasis remap='B'>%</emphasis> it limits the total
60 number of logins of all users that are member of the group.
65 an uid range specified as <replaceable><min_uid></replaceable><emphasis
66 remap='B'>:</emphasis><replaceable><max_uid></replaceable>. If min_uid
67 is omitted, the match is exact for the max_uid. If max_uid is omitted, all
68 uids greater than or equal min_uid match.
73 a gid range specified as <emphasis
74 remap='B'>@</emphasis><replaceable><min_gid></replaceable><emphasis
75 remap='B'>:</emphasis><replaceable><max_gid></replaceable>. If min_gid
76 is omitted, the match is exact for the max_gid. If max_gid is omitted, all
77 gids greater than or equal min_gid match. For the exact match all groups including
78 the user's supplementary groups are examined. For the range matches only
79 the user's primary group is examined.
84 a gid specified as <emphasis
85 remap='B'>%:</emphasis><replaceable><gid></replaceable> applicable
86 to maxlogins limit only. It limits the total number of logins of all users
87 that are member of the group with the specified gid.
96 <option><type></option>
101 <term><option>hard</option></term>
104 for enforcing <emphasis remap='B'>hard</emphasis> resource limits.
105 These limits are set by the superuser and enforced by the Kernel.
106 The user cannot raise his requirement of system resources above such values.
111 <term><option>soft</option></term>
114 for enforcing <emphasis remap='B'>soft</emphasis> resource limits.
115 These limits are ones that the user can move up or down within the
116 permitted range by any pre-existing <emphasis remap='B'>hard</emphasis>
117 limits. The values specified with this token can be thought of as
118 <emphasis>default</emphasis> values, for normal system usage.
123 <term><option>-</option></term>
126 for enforcing both <emphasis remap='B'>soft</emphasis> and
127 <emphasis remap='B'>hard</emphasis> resource limits together.
130 Note, if you specify a type of '-' but neglect to supply the
131 item and value fields then the module will never enforce any
132 limits on the specified user/group etc. .
142 <option><item></option>
147 <term><option>core</option></term>
149 <para>limits the core file size (KB)</para>
153 <term><option>data</option></term>
155 <para>maximum data size (KB)</para>
159 <term><option>fsize</option></term>
161 <para>maximum filesize (KB)</para>
165 <term><option>memlock</option></term>
167 <para>maximum locked-in-memory address space (KB)</para>
171 <term><option>nofile</option></term>
173 <para>maximum number of open files</para>
177 <term><option>rss</option></term>
179 <para>maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher)</para>
183 <term><option>stack</option></term>
185 <para>maximum stack size (KB)</para>
189 <term><option>cpu</option></term>
191 <para>maximum CPU time (minutes)</para>
195 <term><option>nproc</option></term>
197 <para>maximum number of processes</para>
201 <term><option>as</option></term>
203 <para>address space limit (KB)</para>
207 <term><option>maxlogins</option></term>
209 <para>maximum number of logins for this user except
210 for this with <emphasis>uid=0</emphasis></para>
214 <term><option>maxsyslogins</option></term>
216 <para>maximum number of all logins on system</para>
220 <term><option>priority</option></term>
222 <para>the priority to run user process with (negative
223 values boost process priority)</para>
227 <term><option>locks</option></term>
229 <para>maximum locked files (Linux 2.4 and higher)</para>
233 <term><option>sigpending</option></term>
235 <para>maximum number of pending signals (Linux 2.6 and higher)</para>
239 <term><option>msgqueue</option></term>
241 <para>maximum memory used by POSIX message queues (bytes)
242 (Linux 2.6 and higher)</para>
246 <term><option>nice</option></term>
248 <para>maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19]</para>
252 <term><option>rtprio</option></term>
254 <para>maximum realtime priority allowed for non-privileged processes
255 (Linux 2.6.12 and higher)</para>
264 All items support the values <emphasis>-1</emphasis>,
265 <emphasis>unlimited</emphasis> or <emphasis>infinity</emphasis> indicating no limit,
266 except for <emphasis remap='B'>priority</emphasis> and <emphasis remap='B'>nice</emphasis>.
269 If a hard limit or soft limit of a resource is set to a valid value,
270 but outside of the supported range of the local system, the system
271 may reject the new limit or unexpected behavior may occur. If the
272 control value <emphasis>required</emphasis> is used, the module will
273 reject the login if a limit could not be set.
276 In general, individual limits have priority over group limits, so if
277 you impose no limits for <emphasis>admin</emphasis> group, but one of
278 the members in this group have a limits line, the user will have its
279 limits set according to this line.
282 Also, please note that all limit settings are set
283 <emphasis>per login</emphasis>. They are not global, nor are they
284 permanent; existing only for the duration of the session.
287 In the <emphasis>limits</emphasis> configuration file, the
288 '<emphasis remap='B'>#</emphasis>' character introduces a comment
289 - after which the rest of the line is ignored.
292 The pam_limits module does report configuration problems
293 found in its configuration file and errors via <citerefentry>
294 <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
298 <refsect1 id="limits.conf-examples">
299 <title>EXAMPLES</title>
301 These are some example lines which might be specified in
302 <filename>/etc/security/limits.conf</filename>.
307 @student hard nproc 20
308 @faculty soft nproc 20
309 @faculty hard nproc 50
311 @student - maxlogins 4
314 600:700 hard locks 10
318 <refsect1 id="limits.conf-see_also">
319 <title>SEE ALSO</title>
321 <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
322 <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
323 <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
324 <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
325 <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry>
329 <refsect1 id="limits.conf-author">
330 <title>AUTHOR</title>
332 pam_limits was initially written by Cristian Gafton <gafton@redhat.com>