Working principle of/etc/security/limits. conf

Source: Internet
Author: User

/Etc/security/limits. how conf Works 1. limits. conf description limits. the conf file is actually the configuration file pam_limits.so in Linux PAM (plug-in Authentication module, Pluggable Authentication Modules), which breaks through the default limits of the system and protects system access resources. The difference between limits. conf and sysctl. conf is that limits. conf is for users, and sysctl. conf is for system parameter configuration. 2. How limits. conf works. limits. conf is the configuration file of pam_limits.so, and the application under/etc/pam. d/calls the pam _ ***. so module. For example, when a user accesses the server, the service program sends the request to the PAM module. The PAM module sends the request to/etc/pam according to the service name. d. Select a corresponding service file under the directory, and then select a specific PAM module based on the content of the service file for processing, for example: restrict admin users to log on to sshd. The number of services cannot exceed 2 in/etc/pam. add session required pam_limits.so to/etc/security/limits. add admin-maxlogins in conf. Note: Check whether the application is supported by PAM. Similarly, use ldd limits. to use conf, you must ensure/etc/pam. d/login contains the following: session required pam_limits.so 3, limits. conf file format: username | @ groupname type resource limit 1) username | @ groupnam E. Set the user name to be restricted. The group name is preceded by @ and the user name. Wildcard characters can also be used as the limit for all users. 2) the type types include soft, hard, and-. soft indicates the Setting Value effective for the current system. Hard indicates the maximum value that can be set in the system. Soft cannot be more restrictive than har. -Indicates that both soft and hard values are set. 3) resource: indicates the resource to be restricted. (1) core-limits the size of the kernel file. What is the core file, when a program crashes, the stored images of the process are copied to the core file in the current working directory of the process. The core file is only a memory image (with debugging information added) and is mainly used for debugging. A core file is a binary file. You need to use corresponding tools to analyze the memory image when the program crashes. The default core file size is 0, so it is not created. You can use the ulimit command to view and modify the core file size. For example, # ulimit-c 0 # ulimit-c 1000-c specifies to modify the core file size, and 1000 specifies the core file size. You can also set no limit on the size of the core file, for example, ulimit-c unlimited. Note: If you want the modification to take effect permanently, You need to modify the configuration file, as shown in. bash_profile,/etc/profile, or/etc/security/limits. conf (2) date-max data size (3) fsize-Max file size (4) memlock-Max lock memory address space (5) nofile-the maximum number of opened files for applications that require many socket connections and make them open, it is best to use ulimit-n or set the nofile parameter, set the number of file descriptors to a higher value than the default value (6) rss-maximum persistent size (7) stack-maximum stack size (8) cpu-maximum CPU time in minutes (9) noproc-Maximum number of processes (10) as-address space limit (11) maxlogins-this user Maximum number of logins allowed. Note: to make the limits. conf file take effect, make sure that the pam_limits.so file is added to the Startup File. View/etc/pam. the d/login files include: session required/lib/security/pam_limits.so 4 and limits. conf setting 1) takes effect temporarily. It applies to the permanent effect of logging on to the shell session through the ulimit command. 2) Add a corresponding ulimit statement to one of the files read by the login shell (for example ~ /. Profile), which is a shell-specific user resource file, or by editing/etc/security/limits. conf
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.