Linux

How to configure user resource limits and restrictions in Linux

etcconf

Before we talk about this, I would briefly like to touch on PAM (Pluggable Authentication Module) in Linux. PAM helps us to authenticate, authentication is used by programs that provide users access to a system so as to be able to determine their identities. In Linux especially centos and RedHat many programs are configured in a way that makes authentication possible from a central spot. Some other guides can be found in these links: Practical use of SELinux in production: How to locate directory file context and restore it , how-to-create-a-static-pod-in-kubernetes-with-demos-that-can-help-you-become-a-better-kubernetes-administrator,how-to-create-and-deliver-a-report-on-system-utilization-on-a-linux-based-os/ and how-to-use-container-insights-to-get-the-full-benefits-of-azure-monitor-for-azure-kubernetes-workload/

User resource limits determine the amount of resources that can be used in  a particular user session. 

As the subject bothers on authentication and access, you should already have figured out that we are being pointed to security. To configure access and limits for a user or groups of users we should look at the configuration file in /etc/security

conf

On the command line, we changed from where we were into /etc/security and we then listed all the content in that directory as shown above. The particular file that we are interested in is limits. conf . So the next thing to do is to use a text editor like vim or even nano so go into the configuration file limits. conf and make any changes that we want.

limits.conf_
limits.conf

The configuration file on its own holds a lot of valuable information that can guide us through. The format it follows is <domain> <type> <item> <value>

A domain can be a user or group let us assume that we have a group called @techdirectarchive and a user called @raphael (it is always a good practice to put a @in front of a domain element). The type can either be a hard or a soft limit, item can be the size of the core, the size of nproc. The value is usually the restriction that you want to set. If for example, you want a particular group called coders to have only 30 processes running, the value will be 30.

Hard limit means that the limit will be enforced.
A soft limit is the type of limit that is not enforced immediately and sends a warning to the user before continuing the next line of action.

configurationx1

In the screenshot above @students means for members of the group students, there is a hard limit (meaning it will be enforced ) that sets the number of processes to 20.

Demo

Assuming that a server being used by the @techdirectarchive team is running low on resources. So that every member of the team has a fair chance to use the server, we will be limiting the available resource. We will give configure @techdirectarchive group so that they can only start 25 processes but however a user @christian will be given privileged access so that he can start an unlimited number of processes. So guys let’s head over to the console. type the command shown in earlier steps and add to the configuration file just as shown in the screenshot below. The steps are shown below

# cd /etc/security
#ls
# vim limits.conf
configuredxx1

We just need to enter the insert mood if we are using vi editor and configure the file so that the group and user can have the type, item, and values as shown above

The default number of processes that a root privileged user can have is 4026

Summary

We can configure /etc/security‘s limit.conf with the specific domain, type, item, and value to reflect the desired requirement using a text editor.

Subscribe
Notify of
guest

4 Comments
Inline Feedbacks
View all comments
Uzodimma
Uzodimma
1 year ago

Thank you Raphael for this piece, I did not know system resources could be managed until now.

How do I save the new configuration after modifying the limits?

Uzodimma
Uzodimma
1 year ago

Thank you for response. It is much helpful.

Just as most config file, only root has the right to modify it, right?

4
0
Would love your thoughts, please comment.x
()
x