diff options
Diffstat (limited to 'modules/pam_limits/README')
-rw-r--r-- | modules/pam_limits/README | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/modules/pam_limits/README b/modules/pam_limits/README new file mode 100644 index 0000000..ed104d6 --- /dev/null +++ b/modules/pam_limits/README @@ -0,0 +1,70 @@ +pam_limits — PAM module to limit resources + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +The pam_limits PAM module sets limits on the system resources that can be +obtained in a user-session. Users of uid=0 are affected by this limits, too. + +By default limits are taken from the /etc/security/limits.conf config file. +Then individual *.conf files from the /etc/security/limits.d/ directory are +read. The files are parsed one after another in the order of "C" locale. The +effect of the individual files is the same as if all the files were +concatenated together in the order of parsing. If a config file is explicitly +specified with a module option then the files in the above directory are not +parsed. + +The module must not be called by a multithreaded application. + +If Linux PAM is compiled with audit support the module will report when it +denies access based on limit of maximum number of concurrent login sessions. + +OPTIONS + +conf=/path/to/limits.conf + + Indicate an alternative limits.conf style configuration file to override + the default. + +debug + + Print debug information. + +set_all + + Set the limits for which no value is specified in the configuration file to + the one from the process with the PID 1. Please note that if the init + process is systemd these limits will not be the kernel default limits and + this option should not be used. + +utmp_early + + Some broken applications actually allocate a utmp entry for the user before + the user is admitted to the system. If some of the services you are + configuring PAM for do this, you can selectively use this module argument + to compensate for this behavior and at the same time maintain system-wide + consistency with a single limits.conf file. + +noaudit + + Do not report exceeded maximum logins count to the audit subsystem. + +EXAMPLES + +These are some example lines which might be specified in /etc/security/ +limits.conf. + +* soft core 0 +* hard nofile 512 +@student hard nproc 20 +@faculty soft nproc 20 +@faculty hard nproc 50 +ftp hard nproc 0 +@student - maxlogins 4 +@student - nonewprivs 1 +:123 hard cpu 5000 +@500: soft cpu 10000 +600:700 hard locks 10 + + |