PAM stands for pluggable authentication module. The PAM module pam_limits.so provides functionality to set a cap on resource utilization. The command ulimit can be used to view current limits as well as set new limits for a session. The default values used by pam_limits.so can be set in /etc/security/limits.conf.
we are updating limits.conf to set a limit on CPU uses by user username. Limits set by the ulimit command are limited to that session. To set the limits permanently, we need to set them in the limits.conf file.
The syntax of the limits.conf file is as follows:
<domain> <type> <item> <value>
- domain : can be a username, a group name, or a wildcard entry.
- type :
soft: This is a soft limit which can be changed by user
hard: This is a cap on soft limit set by super user and enforced by kernel
- item : is the resource to set the limit for. You can get a list of all items with ulimit -a
Setting resource limits with limits.conf
Step 1 : Check the CPU use limit with ulimit -t
Step 2 : To set new limit, open limits.conf with the following command
sudo nano /etc/security/limits.conf
Step 3 : Scroll to the end of the file and add following lines
<username> soft cpu 1000 # max cpu time in minutes <username> hard cpu 1000 # max cpu time in minutes
Step 4 : These limits will be applied after reboot.