1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
5 <refentry id='pam_limits'>
8 <refentrytitle>pam_limits</refentrytitle>
9 <manvolnum>8</manvolnum>
10 <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
13 <refnamediv id='pam_limits-name'>
14 <refname>pam_limits</refname>
16 PAM module to limit resources
20 <!-- body begins here -->
23 <cmdsynopsis id="pam_limits-cmdsynopsis">
24 <command>pam_limits.so</command>
26 conf=<replaceable>/path/to/limits.conf</replaceable>
44 <refsect1 id="pam_limits-description">
45 <title>DESCRIPTION</title>
47 The pam_limits PAM module sets limits on the system resources that can be
48 obtained in a user-session. Users of <emphasis>uid=0</emphasis> are affected
52 By default limits are taken from the <filename>/etc/security/limits.conf</filename>
53 config file. Then individual *.conf files from the <filename>/etc/security/limits.d/</filename>
54 directory are read. The files are parsed one after another in the order of "C" locale.
55 The effect of the individual files is the same as if all the files were
56 concatenated together in the order of parsing.
57 If a config file is explicitly specified with a module option then the
58 files in the above directory are not parsed.
61 The module must not be called by a multithreaded application.
64 If Linux PAM is compiled with audit support the module will report
65 when it denies access based on limit of maximum number of concurrent
70 <refsect1 id="pam_limits-options">
71 <title>OPTIONS</title>
75 <option>conf=<replaceable>/path/to/limits.conf</replaceable></option>
79 Indicate an alternative limits.conf style configuration file to
86 <option>debug</option>
90 Print debug information.
96 <option>set_all</option>
100 Set the limits for which no value is specified in the
101 configuration file to the one from the process with the
108 <option>utmp_early</option>
112 Some broken applications actually allocate a utmp entry for
113 the user before the user is admitted to the system. If some
114 of the services you are configuring PAM for do this, you can
115 selectively use this module argument to compensate for this
116 behavior and at the same time maintain system-wide consistency
117 with a single limits.conf file.
123 <option>noaudit</option>
127 Do not report exceeded maximum logins count to the audit subsystem.
134 <refsect1 id="pam_limits-types">
135 <title>MODULE TYPES PROVIDED</title>
137 Only the <option>session</option> module type is provided.
141 <refsect1 id="pam_limits-return_values">
142 <title>RETURN VALUES</title>
145 <term>PAM_ABORT</term>
148 Cannot get current limits.
153 <term>PAM_IGNORE</term>
156 No limits found for this user.
161 <term>PAM_PERM_DENIED</term>
164 New limits could not be set.
169 <term>PAM_SERVICE_ERR</term>
172 Cannot read config file.
177 <term>PAM_SESSION_ERR</term>
180 Error recovering account name.
185 <term>PAM_SUCCESS</term>
193 <term>PAM_USER_UNKNOWN</term>
196 The user is not known to the system.
203 <refsect1 id="pam_limits-files">
207 <term><filename>/etc/security/limits.conf</filename></term>
209 <para>Default configuration file</para>
215 <refsect1 id='pam_limits-examples'>
216 <title>EXAMPLES</title>
218 For the services you need resources limits (login for example) put a
219 the following line in <filename>/etc/pam.d/login</filename> as the last
220 line for that service (usually after the pam_unix session line):
225 # Resource limits imposed on login sessions via pam_limits
227 session required pam_limits.so
230 Replace "login" for each service you are using this module.
234 <refsect1 id="pam_limits-see_also">
235 <title>SEE ALSO</title>
238 <refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
241 <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
244 <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
249 <refsect1 id="pam_limits-authors">
250 <title>AUTHORS</title>
252 pam_limits was initially written by Cristian Gafton <gafton@redhat.com>