limits.conf File To Limit Users, Process In Linux With Examples – POFTUT

limits.conf File To Limit Users, Process In Linux With Examples

limits.conf configuration file is used to limit user, domain, process-related metrics. Limits.conf is related to pam_limits module.

limits.conf Configuration File

There is a configuration file named limits.conf and located at /etc/security/ . The default content of this file is as below. We can see that there are different columns named domain , type , item and value .

#<domain>      <type>  <item>         <value> 
#*               soft    core            0 
#root            hard    core            100000 
#*               hard    rss             10000 
#@student        hard    nproc           20 
#@faculty        soft    nproc           20 
#@faculty        hard    nproc           50 
#ftp             hard    nproc           0 
#ftp             -       chroot          /ftp 
#@student        -       maxlogins       4

As we can see all configurations are commented so they are not effective. There is also a directory which is use to store configuration files in a separate files to maintain easily. This location is /etc/security/limits.d/ . It is by default empty but we can create rules in this directory easily.

limits.conf Syntax

Limits.conf file have a simple and reliable syntax. This syntax is defined to easily set context, type, limits and related values. We will look all of this terms below.

<domain> <type> <item> <value>


While limits configuration we need to specify context. This content can be defined in various ways and various parameters. The first column of the rule is the domain. A domain can be one of the following value.

  • username
  • groupname
  • * specifies all
  • userid
  • groupid


While limiting there is two type of limit implementation. These are called hard and soft . Hard limits are set by root and enforced by kernel. The hard limits can not be exceeded. Soft limits have some range overload. But the overload can be for a little time and can not continue forever.

LEARN MORE  Introduction To Certified Information System Security Professional (CISSP)


Items are the core of limits. Items are used to specify the item the limit will be applied. For example, if we want to limit the maximum process number we will use nproc numbers. Here are some of the items that can be used to for limit operation.

  • fsize specifies maximum file size
  • nofile specifies maximum number of file size
  • cpu specifies maximum CPU time
  • nproc specifies maximum number of process
  • maxlogins specifies maximum number of logins
  • maxsyslogins specifies maximum number of logins for all users

Specify User For Limit

Now we can start with examples. As we stated we can limit relevant items according to the user name. In the following rule, we will specify a limit for username ismail where we specify the user name in the first column.

ismail            hard    core            100000

In this example we set core or CPU limit for value 1000000 for username ismail as hard

Specify Group For Limit

In this example, we can specify the limit for a user group name. This type of limitation can be useful if we want to restrict some user group names.

@apache        hard    nproc           20

In this example we specify apache group name to limit process number as maximum 20

Use Wildcard For Limit

While specifying the domain or the users and groups we may need to set limits for all users and groups in a system. Here we will use * or a wildcard for this.

*               hard    rss             10000

In this example we set rss limit for all users and groups in this systems.

LEARN MORE  How To Disable or Enable SELinux Temporarily or Permanently?

Specify User ID Range For Limit

We want to specify limit some users. But they are not in a user group and we do not want or can create groups for these groups. Specifying limits one by one is a problem. We can specify multiple users like below. But the restriction is that we will specify the range.

1000:1010               hard    rss             10000

The rule above will be applied to the users those User ID’s are between 1000 and 1010 . The : operator used to specify the range.

Specify Group ID Range For Limit

The similar definition like previous user range is group range. We will specify group ID range like below.

@500:510               hard    rss             10000

In this example, the rules will be applied for the group ID between 500 and 510. We use @ operator to specify ID’s as a group and : for range.

Limit Number of Process

Now we will start to look at different item types to use. There are more items than described here but these are the most popular ones. The first example is limiting the number of processes for a user.

ismail        hard    nproc           20

In the example, we limit the process number with nproc item. The user the rule will apply is ismail and the maximum number of the process for this user can own is 20

Limit CPU Time

Another useful item to limit is CPU time. We can set limits about the CPU time .

ismail           soft    cpu             10000

In this example we applied maximum 10000 cycles for user ismail by using cpu item.

LEARN MORE  The Top Linux Distributions (Distros)

Limit Number Of Open File

We can limit the numbers of files a user can open in time. This can be useful to prevent disk bottlenecks if the system has a lot of users those access files.

ismail               hard    nofile          512

In this example we specify that the user ismail can only open 512 files or file descriptors with nofile item.

Limit Number Of Logins

By default, a user can have infinite numbers of connections, sessions, or logins in a system. This may create some security or performance problems for the systems. We can set some limits on this.

@student        -       maxlogins       4

In these examples, we limit the student group’s user’s login count. We use maxlogins for each user in the student group. The maximum number of login can not be more than 4 .

Limit Number Of System Logins

In the previous example, we have restricted maximum logins as a user base. we can also specify the total number of logins in system-wide. This restriction will be effective in a general manner.

*        -       maxsyslogins       40

In this example, we restrict all users and groups but actually, this is not a user or group based restriction. We set this rule system-wide and use maxsyslogin item as 40

Limit Maximum File Size

We may want to restrict file size. This restriction can be useful in temp or similar usage type files.

@student        -       fsize       4000000

In this example, we limit the student’s single file size as 4000000 . This is a presentation of KB or kilobyte. So the example means 4 GB . We use fsize as item type.

1 thought on “limits.conf File To Limit Users, Process In Linux With Examples”

Leave a Comment