AIX Study-AIX user resource access restriction configuration, aix-aix

AIX Study-AIX user resource access restriction configuration, aix-aix

AIX Study-AIX user access system resource limit Configuration

The system resource limits used by Aix users include hard limits and soft limits ). Hard limits has been introduced since Aix 4.1. Hard limits should be set by the Aix system administrator. Only members in the security Group can increase the value. Users can reduce the value but the change will expire as the user exits from the system.

Use the following command to view the limits of hard limits: ulimit-Hasoft limits is the upper limit of the system resources used by the Aix core. This value can be changed by anyone, but cannot exceed the hard limits value. Note that only the members of the security Group can make the changes take effect permanently. changes made by common Aix users will expire after they exit the system.

Run the following command to view the soft limits settings: ulimit-
The default values of soft limits are as follows:
 

 
 

  
  
3.2  
  
  
4.1-4.3 
  
  
===============  
  
  
=================  
  
  
fsize = 2097151 
  
  
fsize = 2097151 
  
  
core = 2048 
  
  
core = 2048 
  
  
cpu = 3600 
  
  
cpu = -1  
  
  
data = 131072 
  
  
data = 262144 
  
  
rss = 65536 
  
  
rss = 65536 
  
  
stack = 8192 
  
  
stack = 65536 
  
  
nofiles = 2000*   
  
  
nofiles=2000 * 
 
 

* This value (nofiles) can only be changed in Aix 4.3.1 or later versions.

The above definition is stored in the file/etc/security/limits as the default value, and takes effect after new users are added to the system. To directly change the definition value in this file, you need to restart the system for the change to take effect. "-1" indicates that the value is not limited by soft limits (unlimited ).

Next we will introduce each field one by one:
Fsize: the size limit of the file created by the user. This defined value (512 bytes in units) is the maximum size of files that can be generated by the user.
The size limit of the core file generated by the core (512 bytes ).
Cpu user process cpu limit (in seconds ). Normal users can only reduce this value, and root can increase this value. Note that the CPU usage time of a process depends on the Aix Kernel (core program) process scheduling algorithm. This value is for reference only.
Data Process data segment size limit (in bytes ).
Stack process stack segment size limit (in bytes ).
The limit of the resident memory segment of the rss process (in bytes ). The Aix core does not refer to this limitation.
The maximum number of files opened in nofiles. This limit is fixed in versions earlier than Aix 4.3.1 as 2000. This value can be increased to 32767 in Aix 4.3.1 and later versions.

In Aix users, the following three methods are used to modify the above limit:
1. edit the file/etc/security/limits and directly modify the defined values. This change takes effect after the system is restarted.

2. Run the command ulimit to modify the default value. For example:

 
 

  
  
ulimit -f value  
  
  
ulimit -c <value> 
  
  
ulimit -t <value> 
  
  
ulimit -d <value> 
  
  
ulimit -s <value> 
  
  
ulimit -m <value> 
  
  
ulimit -n <value> 
 
 

The soft limit values of fsize, core, cpu, data, stack, rss, and nofiles will be modified.

3. Run the command chuser to modify the limit value of a user. For example:

 
 

  
  
chuser fsize=<value> <username> 
  
  
chuser core=<value> <username 
  
  
chuser cpu=<value> <username> 
  
  
chuser data=<value> <username> 
  
  
chuser limit=<value> <username> 
  
  
chuser rss=<value> <username> 
  
  
chuser nofiles=<value> <username> 
 
 

Change the soft limits of user "username" to "value ".

 
 

  
  
chuser hard_fsize=<value> <username> 
  
  
chuser hard_core=<value> <username> 
  
  
chuser hard_cpu=<value> <username> 
  
  
chuser hard_data=<value> <username> 
  
  
chuser hard_limit=<value> <username> 
  
  
chuser hard_rss=<value> <username> 
  
  
chuser hard_nofiles=<value> <username>
 
 

Change the hard limits of user "username" to "value ".

You can use the smit tool to modify:

After modification, the configuration information will be written/Etc/security/limits

[Root @ aix211/] # cat/etc/security/limits

oracle:        fsize = -1        data = -1        stack = -1        core = -1

Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.