Linux/etc/security/limits. conf

Source: Internet
Author: User

The Linux limits. conf configuration limits. conf file is actually the configuration file of pam_limits.so in Linux PAM (plug-in authentication module, pluggable authentication modules), and only for a single session.

The limits. conf format is as follows:

Username | @ groupname type resource limit

Username | @ groupname: Set the user name to be restricted. The group name is preceded by @ and the user name. You can also use wildcard * to restrict all users.

Type: soft, hard, and-. Soft indicates the setting value that takes effect for the current system. Hard indicates the maximum value that can be set in the system. Soft cannot be more restrictive than har. -Indicates that both soft and hard values are set.

Resource:

Core-restrict the size of kernel files

Date-maximum data size

Fsize-Maximum File Size

Memlock-maximum memory address space locked

Nofile-Maximum number of opened files

RSS-maximum persistent setting size

Stack-maximum stack size

CPU-maximum CPU time in minutes

Noproc-Maximum number of processes

As-address space limit

Maxlogins-Maximum number of logins allowed by this user

To make the limits. conf file take effect, make sure that the pam_limits.so file is added to the Startup File. View the/etc/PAM. d/login file:

Session required/lib/security/pam_limits.so

As mentioned below, you can use ulimit-N 32768 to set the maximum descriptor, but it is only useful for the current session and root. This is not feasible.

Or modify/etc/security/limits. conf, but restart

In addition, I have not checked whether there are limits on the maximum descriptor of Linux. Do you want to modify the other limits?

Http://www.nsfocus.net/index.php? Act = magazine & Do = view & Mid = 134

How to restrict and monitor users

Most of Pam's Linux systems have built-in Pam support. One function of PAM is to set the system environment, such as setting the system memory size that a user can use. In red hat and Caldera

The/etc/security/directory of the Two Release versions contains many configurable files. The most interesting part is the/etc/security/limits. conf file, which allows you to define users or users

Group rules. The rules are soft or hard, and the content of the rules (such as CPU, memory, and maximum file size ). For example:

* Hard core 0

Bob soft nproc 100

Bob hard nproc 150

The first line of the rule prohibits everyone from generating core files. The second line of the rule (soft) defines that the maximum number of processes for user Bob is 100, and the third line rule (hard) defines that the maximum number of processes for user Bob is 150.

. It can exceed the limit (warning) of Soft rules, but cannot exceed the limit of excellent rules. As you can imagine, these rules define that all users can log on to services such as shell and FTP.

Helpful.

Bash

Bash has a built-in limiter "ulimit ". Note that no hard limit can be set too high, so if you are in/etc/profile or your. bash_profile (the user cannot edit or

Delete these files). You can apply restrictions to Your bash shell. This is useful for earlier Linux releases that lack Pam support. You must also make sure that

Users cannot change their logon shell. The restriction settings are similar to those of Pam. For example:

Ulimit-SC 0

Ulimit-su 100

Ulimit-hu150

Http://www.ringkee.com/jims/read_folder/books/LinuxHackingExposed

Ulimit command

You can add the command to the profile file or define it in the/etc/security/limits. conf file.

.

Command Parameters

-A: display all limits.

-Maximum size of C core files

-D the maximum data segment size of the process

-F shell: Maximum file size that can be created

-Maximum size of M resident memory

-S maximum stack size

-T the maximum CPU time per second

-P MPs queue size

-N: Maximum number of opened files

-Maximum number of U Processes

-V virtual memory limit

You can also define limits in the/etc/security/limits. conf file.

Domino type item Value

Domino is the username or group name starting with the symbol @. * indicates all users. Set "type" to hard or soft. Item refers

Resources to be restricted. Such as CPU, core nproc or maxlogins

. Value is the corresponding limit value.

Http://tech.blogchina.com/123/2005-06-10/372941.html

Common monitoring and management command tools in UNIX and Linux

Check the number of files opened by the program.

Sysctl: displays (or sets) system kernel parameters.

Sysctl-A displays all Kernel Parameters

Sysctl-W parameter name = parameter value

For example, sysctl-W fs. File-max = 10240 sets the maximum number of files allowed to be opened simultaneously by the system to be 10240.

The Kernel Parameter fs. File-Nr contains three parameter values. The first parameter indicates the peak number of files that have been simultaneously opened in the system,

The second parameter indicates the number of idle (released after allocation) files,

The third parameter indicates the maximum number of files that can be opened. The value is equal to FS. File-max.

Number of files currently opened = first parameter value-second parameter value

For example:

FS. File-Nr = 977 223 10240

Number of files currently opened = 977-233 = 744

Be careful when setting kernel parameters. Improper settings may cause system exceptions or even crash.

Ulimit: displays (or sets) resource limits that can be used by users

Ulimit-A displays the resource limits that users can use

Ulimit unlimited does not limit the resources that users can use, but this setting sets the maximum number of files that can be opened (max open files)

The maximum number of processes that can run simultaneously (max user processes) is invalid.

Ulimit-n <number of files that can be opened at the same time> sets the maximum number of files that can be opened at the same time (max open files)

Example: ulimit-N 8192

If this parameter is set too small, the too program open files error may occur for websites with a large number of concurrent visits.

Ulimit-u <maximum number of concurrent processes that can be run> sets the maximum number of processes that can be run simultaneously (max user processes)

For example, ulimit-u 1024

Http://www-128.ibm.com/developerworks/cn/linux/es-JavaVirtualMachinePerformance.html? CA = dwcn-newsletter-Linux

Performance tuning skills for ibm jvm for Linux on power

User restriction settings

To achieve optimal performance, it is very important for the user running the JVM process to have user settings correctly configured. These parameters can be set to one of the following two forms:

Temporarily, it is applicable when logging on to a shell session through the ulimit command.

Permanently, add a corresponding ulimit statement to one of the files read by the logon shell (for example ~ /. Profile), which is a shell-specific user resource file; or

Edit/etc/security/limits. conf.

We recommend that you set it to unlimited. Some important settings are as follows:

Data Segment Length: ulimit-D Unlimited

Maximum memory size: ulimit-M Unlimited

Stack size: ulimit-s Unlimited

CPU time: ulimit-T Unlimited

Virtual Memory: ulimit-V Unlimited

For Java applications that require many socket connections and make them open, it is best to use ulimit-N or set

The nofile parameter in/etc/security/limits. conf sets the number of file descriptors to be higher than the default value.

Improve shell restrictions for oracle users

/Etc/security/limits. conf

Oracle soft nproc 2047

Hard nproc 16384

Oracle soft nofile 1024

Oracle hard nofile 65536

/Etc/PAM. d/login

Session required/lib/security/pam_limits.so

/Etc/profile

If [$ user = "oracle"]; then

If [$ shell = "/bin/KSh"]; then

Ulimit-P 16384

Ulimit-N 65536

Else

Ulimit-u 16384-N 65536

Fi

Fi

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.