summaryrefslogtreecommitdiffstats
path: root/doc/README.limits
blob: 80ed940fe8c709e0572ea17396f2b76e14d282f9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
ABOUT shadow-login limits:

This code is merged into shadow login program from the original LShell 2.01
written by Joel Katz. The port and some additional features have been added
by Cristian Gafton (gafton@sorosis.ro).


Changes:
	- 96/04/16
		- {spaces,tabs} allowed within limits string
		- Warn via syslog multiple default limits
		- added few paragraphs to the login man page
	- 96/04/14
		- code merged into lmain.c --cristiang

TODO:	- support groups in the limits file
	  (only usernames are supported at this moment :-( )

Setting user limits for shadow login program

First, make a root-only-readable file (/etc/limits by default or LIMITS_FILE
defined config.h) that describes the resource limits you wish to impose. By
default no quotas are imposed on 'root'. In fact, there is no way to impose
limits via this procedure to root-equiv accounts (accounts with UID 0).

Each line describes a limit for a user in the form:

	user LIMITS_STRING

The LIMITS_STRING is a string of a concatenated list of resource limits.
Each limit consists of a letter identifier followed by a numerical limit.
The valid identifiers are:

	A: max address space (KB)
	C: max core file size (KB)
	D: max data size (KB)
	F: maximum filesize (KB)
	M: max locked-in-memory address space (KB)
	N: max number of open files
	R: max resident set size (KB)
	S: max stack size (KB)
	T: max CPU time (MIN)
	U: max number of processes
	L: max number of logins for this user

For example, L2D2048N5 is a valid LIMITS_STRING. For reading convenience,
the following entries are equivalent:

username L2D2048N5
username L2 D2048 N5

Be aware that after <username> the rest of the line is considered a limit
string, thus comments are not allowed. A invalid limits string will be
rejected (not considered) by the login program.

The default entry is denoted by username '*'. If you have multiple 'default'
entries in your LIMITS_FILE, then the last one will be used as the default
entry.

To completely disable limits for a user, a single dash (-) will do.

Also, please note that all limit settings are set PER LOGIN.  They are
not global, nor are they permanent.  Perhaps global limits will come, but
for now this will have to do ;)