summaryrefslogtreecommitdiffstats
path: root/modules/pam_limits/README
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/pam_limits/README70
-rw-r--r--modules/pam_limits/README.xml39
2 files changed, 109 insertions, 0 deletions
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
new file mode 100644
index 0000000..ed104d6
--- /dev/null
+++ b/modules/pam_limits/README
@@ -0,0 +1,70 @@
+pam_limits — PAM module to limit resources
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_limits PAM module sets limits on the system resources that can be
+obtained in a user-session. Users of uid=0 are affected by this limits, too.
+
+By default limits are taken from the /etc/security/limits.conf config file.
+Then individual *.conf files from the /etc/security/limits.d/ directory are
+read. The files are parsed one after another in the order of "C" locale. The
+effect of the individual files is the same as if all the files were
+concatenated together in the order of parsing. If a config file is explicitly
+specified with a module option then the files in the above directory are not
+parsed.
+
+The module must not be called by a multithreaded application.
+
+If Linux PAM is compiled with audit support the module will report when it
+denies access based on limit of maximum number of concurrent login sessions.
+
+OPTIONS
+
+conf=/path/to/limits.conf
+
+ Indicate an alternative limits.conf style configuration file to override
+ the default.
+
+debug
+
+ Print debug information.
+
+set_all
+
+ Set the limits for which no value is specified in the configuration file to
+ the one from the process with the PID 1. Please note that if the init
+ process is systemd these limits will not be the kernel default limits and
+ this option should not be used.
+
+utmp_early
+
+ Some broken applications actually allocate a utmp entry for the user before
+ the user is admitted to the system. If some of the services you are
+ configuring PAM for do this, you can selectively use this module argument
+ to compensate for this behavior and at the same time maintain system-wide
+ consistency with a single limits.conf file.
+
+noaudit
+
+ Do not report exceeded maximum logins count to the audit subsystem.
+
+EXAMPLES
+
+These are some example lines which might be specified in /etc/security/
+limits.conf.
+
+* soft core 0
+* hard nofile 512
+@student hard nproc 20
+@faculty soft nproc 20
+@faculty hard nproc 50
+ftp hard nproc 0
+@student - maxlogins 4
+@student - nonewprivs 1
+:123 hard cpu 5000
+@500: soft cpu 10000
+600:700 hard locks 10
+
+
diff --git a/modules/pam_limits/README.xml b/modules/pam_limits/README.xml
new file mode 100644
index 0000000..964a5a2
--- /dev/null
+++ b/modules/pam_limits/README.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamlimits SYSTEM "pam_limits.8.xml">
+-->
+<!--
+<!ENTITY limitsconf SYSTEM "limits.conf.5.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_limits.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_limits-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_limits.8.xml" xpointer='xpointer(//refsect1[@id = "pam_limits-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_limits.8.xml" xpointer='xpointer(//refsect1[@id = "pam_limits-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="limits.conf.5.xml" xpointer='xpointer(//refsect1[@id = "limits.conf-examples"]/*)'/>
+ </section>
+
+</article>