Linux command to restrict user resources: ulimit

1) Description: ulimit limits the resources used by processes started from the shell.
2) Class: shell built-in command
3) Syntax: ulimit [-acdfHlmnpsStvw] [size]
4) Parameters:

    -H       Set hard resource limits.
    -S       Set soft resource limits.
    -a       Display all current resource limits.
    -c size  Set the maximum size of core files. Unit: blocks
    -d size  Set the maximum size of the data segment. Unit: kbytes
    -f size  Set the maximum size of files created. Unit: blocks
    -l size  Set the maximum size a process can lock in memory. Unit: kbytes
    -m size  Set the maximum resident memory that can be used. Unit: kbytes
    -n size  Set the maximum number of file descriptors that can be open at the same time. Unit: n
    -p size  Set the maximum size of the pipe buffer. Unit: kbytes
    -s size  Set the maximum size of the stack. Unit: kbytes
    -t size  Set the maximum CPU time. Unit: seconds
    -v size  Set the maximum size of virtual memory. Unit: kbytes

The limits.conf file

limits.conf is the configuration file of pam_limits.so, a Linux PAM (Pluggable Authentication Modules) module, and it applies only to a single session.

The format of limits.conf is as follows (open /etc/security/limits.conf, which contains detailed usage notes):

    username|@groupname type resource limit

username|@groupname: the user name to restrict. A group name is distinguished from a user name by the @ prefix. The wildcard * restricts all users.

type: soft, hard, or -. soft is the value that takes effect for the current system. hard is the maximum value that can be set in the system. The soft limit cannot be higher than the hard limit. - sets both the soft and the hard value.

resource:

    core       limit on the core file size
    data       maximum data size
    fsize      maximum file size
    memlock    maximum locked-in-memory address space
    nofile     maximum number of open files
    rss        maximum resident set size
    stack      maximum stack size
    cpu        maximum CPU time, in minutes
    nproc      maximum number of processes
    as         address space limit
    maxlogins  maximum number of logins allowed for this user

For limits.conf to take effect, make sure that pam_limits.so is added to the startup file.

On Linux, you can use the following three steps to restrict user system resources:

1. Edit the /etc/pam.d/login file and add the following statement at its end:

    session required /lib/security/pam_limits.so

2. Edit the /etc/security/limits.conf file and add the following statements:

    * hard rss sizeofmem
    * hard nproc maxNumberOfProcesses
    * hard as sizeofvirtualmem
    # sizeofmem and sizeofvirtualmem are numerical values in KB.
    # maxNumberOfProcesses is also a numerical value (a count of processes).

3. Restart the service, for example: /etc/init.d/sshd restart
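
A lint for limits.conf entries like those in step 2, as an added example that is not part of the original page: it checks the four-field format, the lowercase type, the item names listed above (spelled as in limits.conf(5), for example nproc and data), and that no soft limit exceeds its hard limit. The function name check_limits and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint limits.conf-style text read from stdin or from files.
# Prints "line N: problem" for each finding; exit status 1 if any were found.
check_limits() {
    awk '
    function report(n, msg) { printf "line %d: %s\n", n, msg; bad = 1 }
    BEGIN {
        # Resource names from the list on this page, as limits.conf(5) spells them.
        cnt = split("core data fsize memlock nofile rss stack cpu nproc as maxlogins", r, " ")
        for (i = 1; i <= cnt; i++) known[r[i]] = 1
    }
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }                   # skip blank lines
    NF != 4 { report(NR, "expected: domain type item value"); next }
    {
        type = $2; item = $3; val = $4; key = $1 " " item
        if (type != "soft" && type != "hard" && type != "-")
            report(NR, "type \"" type "\" must be soft, hard or -")
        if (!(item in known))
            report(NR, "unknown item \"" item "\"")
        if (val !~ /^[0-9]+$/) {
            if (val != "unlimited" && val != "infinity" && val != "-1")
                report(NR, "value \"" val "\" is not a number")
            next
        }
        # Remember numeric soft and hard values per domain and item.
        if (type == "soft") { soft[key] = val + 0; line[key] = NR }
        if (type == "hard") hard[key] = val + 0
    }
    END {
        # A soft limit above its hard limit contradicts the rule stated above.
        for (k in soft)
            if ((k in hard) && soft[k] > hard[k])
                report(line[k], "soft " soft[k] " exceeds hard " hard[k] " for " k)
        exit bad + 0
    }' "$@"
}

# Constructed sample input, including mistakes of the kind a hand edit makes.
check_limits <<'EOF' || echo "limits file needs fixing"
# domain  type  item   value
*         hard  nproc  200
*         Hard  rss    sizeofmem
@dev      soft  nofile 8192
@dev      hard  nofile 4096
*         hard  noproc 100
EOF
```

Run it against a copy of the edited file before restarting the service in step 3, since a misspelled type or item is otherwise easy to miss.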