Working Principle of/etc/security/limits. conf

/Etc/security/limits. how conf works 1. limits. conf description limits. the conf file is actually the pam_limits.so configuration file in LinuxPAM (plug-in Authentication Module, pluggableauthenticationmodumodules), which breaks through the default system restrictions... /etc/security/limits. how conf works 1. limits. conf description limits. the conf file is actually the configuration file pam_limits.so in Linux PAM (plug-in Authentication Module, Pluggable Authentication Modules), which breaks through the default limits of the system and protects system access resources. The difference between limits. conf and sysctl. conf is that limits. conf is for users, and sysctl. conf is for system parameter configuration. 2. how limits. conf works. limits. conf is the configuration file of pam_limits.so, and the application under/etc/pam. d/calls the pam _ ***. so module. For example, when a user accesses the server, the service program sends the request to the PAM module. the PAM module sends the request to/etc/pam according to the service name. d. select a corresponding service file under the Directory, and then select a specific PAM module based on the content of the service file for processing, for example: restrict admin users to log on to sshd. the number of services cannot exceed 2 in/etc/pam. add session required pam_limits.so to/etc/security/limits. add admin-maxlogins in conf. note: Check whether the application is supported by PAM. Similarly, use ldd limits. to use conf, you must ensure/etc/pam. d/login contains the following: session required pam_limits.so 3, limits. conf file format: username | @ groupname type resource limit 1) username | @ groupnam E. set the user name to be restricted. The group name is preceded by @ and the user name. Wildcard characters can also be used as the limit for all users. 2) the type types include soft, hard, and-. soft indicates the setting value effective for the current system. Hard indicates the maximum value that can be set in the system. Soft cannot be more restrictive than har. -Indicates that both soft and hard values are set. 3) resource: indicates the resource to be restricted. (1) core-limits the size of the kernel file. what is the core file, when a program crashes, the stored images of the process are copied to the core file in the current working directory of the process. The core file is only a memory image (with debugging information added) and is mainly used for debugging. A core file is a binary file. you need to use corresponding tools to analyze the memory image when the program crashes. the default core file size is 0, so it is not created. You can use the ulimit command to view and modify the core file size. for example, # ulimit-c 0 # ulimit-c 1000-c specifies to modify the core file size, and 1000 specifies the core file size. You can also set no limit on the size of the core file, for example, ulimit-c unlimited. note: If you want the modification to take effect permanently, you need to modify the configuration file, as shown in. bash_profile,/etc/profile, or/etc/security/limits. conf (2) date-Max data size (3) fsize-Max file size (4) memlock-Max lock memory address space (5) nofile-the maximum number of opened files for applications that require many socket connections and make them open, it is best to use ulimit-n or set the nofile parameter, set the number of file descriptors to a higher value than the default value (6) rss-maximum persistent size (7) stack-maximum stack size (8) cpu-maximum CPU time in minutes (9) noproc-maximum number of processes (10) as-address space limit (11) maxlogins-this user Maximum number of logins allowed. note: to make the limits. conf file take effect, make sure that the pam_limits.so file is added to the startup file. View/etc/pam. the d/login files include: session required/lib/security/pam_limits.so 4 and limits. conf setting 1) takes effect temporarily. it applies to the permanent effect of logging on to the shell session through the ulimit command. 2) add a corresponding ulimit statement to one of the files read by the login shell (for example ~ /. Profile), which is a shell-specific user resource file, or by editing/etc/security/limits. conf