Linux:Powerful Server Administration
上QQ阅读APP看书,第一时间看更新

Setting resource limits with limits.conf

Ubuntu is a multiuser and multi-process operating system. If a single user or process is consuming too many resources, other processes might not be able to use the system. In this recipe, you will see how to set resource limits to avoid such problems.

Getting ready

User account with root privileges is required.

How to do it...

Following are the steps to set the resource limits:

  1. Check the CPU use limit with $ulimit –t.
  2. To set new limit, open limits.conf with the following command:
    $sudo nano /etc/security/limits.conf
    
  3. Scroll to the end of the file and add following lines:
    username soft cpu 0 # max cpu time in minutes
    username hard cpu 1000 # max cpu time in minutes
    
  4. Enter Ctrl + O to save the changes.
  5. Enter Ctrl + X to exit GNU nano editor.

How it works…

PAM stands for pluggable authentication module. The PAM module pam_limits.so provides functionality to set a cap on resource utilization. The command ulimit can be used to view current limits as well as set new limits for a session. The default values used by pam_limits.so can be set in /etc/security/limits.conf.

In this recipe, we are updating limits.conf to set a limit on CPU uses by user username. Limits set by the ulimit command are limited to that session. To set the limits permanently, we need to set them in the limits.conf file.

The syntax of the limits.conf file is as follows:

<domain> <type> <item> <value>

Here, <domain> can be a username, a group name, or a wildcard entry.

<type> denotes the type of the limit and it can have the following values:

  • soft: This is a soft limit which can be changed by user
  • hard: This is a cap on soft limit set by super user and enforced by kernel

<item> is the resource to set the limit for. You can get a list of all items with $ulimit –a:

In our example, we have set soft limit on CPU uses to 0 minutes and hard limit to 1000 minutes. You can changes soft limit values with the ulimit command. To view existing limits on open files, use the command $ulimit -n. To change limits on open files, pass the new limit as follows:

$ulimit -n 4096

An unprivileged process can only set its soft limit value between 0 and hard limit, and it can irreversibly lower hard limit. A privileged process can change either limit values.

There's more…

The command ulimit can be used to set limits on per process basis. You can't use the ulimit command to limit resources at the user level. You can use cgroups to set a cap on resource use.