$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7671
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) 811664
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 7671
virtual memory (kbytes, -v) 1175120
file locks (-x) unlimited
All these settings can be manipulated. A good example is this forkbomb that forks as many processes as possible and can crash systems where no user limits are set - see this example - here
Warning: Do not run this program! If no limits are set your system will either become unresponsive or might even crash.
Now this is not good - any user with shell access to your box could take it down. But if that user can only start 20 processes the damage will be minimal. So let's set a process limit of MAX 20 process for a particular users in the system, this can be done by inserting the simple one line in limit.conf file.
Following will prevent a "fork bomb":
nikesh hard nproc 20Above will prevent user "nikesh" to create more than 20 process and anyone in the group1 from having more than 50 processes.
@group1 hard nproc 50
There are many more setting and limits that you can set on a particular user or to a entire group like ..
using below configuration will prevent any users in the system to logins not more than 3 places at same time.
* hard maxlogins 3
Limit on size of core file
* hard core 0
0 comments:
Post a Comment