Before we talk about this, I would briefly like to touch on PAM (Pluggable Authentication Module) in Linux. PAM helps us to authenticate, authentication is used by programs that provide users access to a system so as to be able to determine their identities. In Linux especially centos and RedHat many programs are configured in a way that makes authentication possible from a central spot. Some other guides can be found in these links: Practical use of SELinux in production: How to locate directory file context and restore it , how-to-create-a-static-pod-in-kubernetes-with-demos-that-can-help-you-become-a-better-kubernetes-administrator,how-to-create-and-deliver-a-report-on-system-utilization-on-a-linux-based-os/ and how-to-use-container-insights-to-get-the-full-benefits-of-azure-monitor-for-azure-kubernetes-workload/
User resource limits determine the amount of resources that can be used in a particular user session.
As the subject bothers on authentication and access, you should already have figured out that we are being pointed to security. To configure access and limits for a user or groups of users we should look at the configuration file in /etc/security
On the command line, we changed from where we were into /etc/security and we then listed all the content in that directory as shown above. The particular file that we are interested in is limits. conf . So the next thing to do is to use a text editor like vim or even nano so go into the configuration file limits. conf and make any changes that we want.
The configuration file on its own holds a lot of valuable information that can guide us through. The format it follows is <domain> <type> <item> <value>
A domain can be a user or group let us assume that we have a group called @techdirectarchive and a user called @raphael (it is always a good practice to put a @in front of a domain element). The type can either be a hard or a soft limit, item can be the size of the core, the size of nproc. The value is usually the restriction that you want to set. If for example, you want a particular group called coders to have only 30 processes running, the value will be 30.
Hard limit means that the limit will be enforced.
A soft limit is the type of limit that is not enforced immediately and sends a warning to the user before continuing the next line of action.
In the screenshot above @students means for members of the group students, there is a hard limit (meaning it will be enforced ) that sets the number of processes to 20.
Demo
Assuming that a server being used by the @techdirectarchive team is running low on resources. So that every member of the team has a fair chance to use the server, we will be limiting the available resource. We will give configure @techdirectarchive group so that they can only start 25 processes but however a user @christian will be given privileged access so that he can start an unlimited number of processes. So guys let’s head over to the console. type the command shown in earlier steps and add to the configuration file just as shown in the screenshot below. The steps are shown below
# cd /etc/security
#ls
# vim limits.conf
We just need to enter the insert mood if we are using vi editor and configure the file so that the group and user can have the type, item, and values as shown above
The default number of processes that a root privileged user can have is 4026
Summary
We can configure /etc/security‘s limit.conf with the specific domain, type, item, and value to reflect the desired requirement using a text editor.
