/etc/security/limits.conf

The /etc/security/limits.conf file is used to set limits on system resources for users and processes in Unix-like operating systems. It allows administrators to define constraints such as maximum CPU time, maximum number of processes, maximum file size, and more. Here's an overview of the purpose, typical configuration options, and significance of /etc/security/limits.conf:

Purpose of /etc/security/limits.conf

The main purpose of /etc/security/limits.conf is to:

• Define resource limits for users and processes on the system.

• Control and manage resource consumption to prevent abuse or ensure fair resource allocation.

• Improve system stability and security by enforcing limits on resource-intensive activities.

Typical Configuration Options

1. User and Group Definitions: Specify which users or groups the limits apply to.

   # Format: <domain> <type> <item> <value>
   * soft core 0
   * hard rss 10000
   @users hard nproc 20

   • *: Applies the limit to all users.

   • @users: Applies the limit to all members of the users group.

2. Resource Limit Types: Define various resource limits for users and processes.

   # Example limits
   * soft core 0
   * hard rss 10000
   @users hard nproc 20

   • core: Maximum core file size in bytes.

   • rss: Maximum resident set size (RAM) in kilobytes.

   • nproc: Maximum number of processes.

3. Soft and Hard Limits:

   • Soft Limits: Enforceable limits that can be exceeded temporarily.

   • Hard Limits: Absolute limits that cannot be exceeded.

4. Other Options:

   • @group definitions apply to all users in a specified group.

   • root for setting specific limits for the root user.

   • @domain to apply limits to all users except those in a specific group or user.

Example Configuration

Here’s a simplified example of what /etc/security/limits.conf might look like:

# Allow core dumps, but set the limit for all users
* soft core 0
* hard core unlimited

# Set maximum RSS size to 10,000 KB for all users
* soft rss 10000
* hard rss unlimited

# Limit number of processes to 20 for users in 'users' group
@users hard nproc 20

Security Considerations

• Impact Assessment: Understand the impact of setting limits on users and processes before applying them.

• Testing: Test limits in a controlled environment to ensure they do not adversely affect system functionality.

• Monitoring: Monitor system performance and logs after applying limits to detect any unexpected behavior or resource contention.

Conclusion

/etc/security/limits.conf provides a powerful mechanism for controlling and managing resource consumption on Unix-like systems. By configuring this file appropriately, administrators can enforce resource limits to maintain system stability, prevent abuse, and ensure fair allocation of resources among users and processes.