Newbie School: Linux limits. conf explanation and Application

 

How limits. conf works:

Limits. the backend of conf works like this: limits. conf is the configuration file of pam_limits.so, And then/etc/pam. d/The application under calls pam _***. so module. For example, when a user accesses the server, the service program sends the request to the PAM module. The PAM module sends the request to/etc/pam according to the service name. d directory, select a corresponding service file, and then select a specific PAM module based on the service file content for processing.

For example, the number of services that restrict admin users to log on to sshd cannot exceed 2.

Add session required pam_limits.so to/etc/pam. d/sshd.

Add admin-maxlogins 2 to/etc/security/limits. conf.

Check whether the application can be supported by PAM. Use ldd

Parameters in the limits. conf file

The parameters of the Limits. conf file can be set to one of the following two forms:

Temporarily, it is applicable when logging on to a shell session through the ulimit command.

Permanently, add a corresponding ulimit statement to one of the files read by the logon shell (for example ~ /. Profile), which is a shell-specific user resource file, or by editing/etc/security/limits. conf.

1. core-limit the size of the Kernel File

What is a core file? When a program crashes, the stored images of the process are copied to the core file in the current working directory of the process. The core file is only a memory image (with debugging information added) and is mainly used for debugging. The core file is a binary file, and a corresponding tool is required to analyze the memory image when the program crashes.

The default core file size is 0, so no file is created. You can use the ulimit command to view and modify the size of the core file.

$ulimit -c0$ ulimit -c 1000$ ulimit -c1000

-C specifies the size of the core file, and 1000 specifies the size of the core file. You can also limit the size of the core file, for example:

# ulimit -c unlimited#ulimit -cunlimited

If you want the change to take effect permanently, You need to modify the configuration file, such as. bash_profile,/etc/profile, or/etc/security/limits. conf.

2. nofile-Maximum number of opened files

For applications that require many socket connections and make them open, it is best to use ulimit-n or set the nofile parameter, set the number of file descriptors to a higher value than the default value.