SECURITY Limit User Processes

Introduction

Limiting user processes is one way to make sure that one user can not "commandeer" the system making it unusable for others. To limit the processes a user on your system can we have two files to edit

/etc/limits

File format

Each line consists of username followed by a limit string. The limit string describes limits for particular user. The options are:

• A: max address space (KB)
• C: max core file size (KB)
• D: max data size (KB)
• F: maximum filesize (KB)
• M: max locked-in-memory address space (KB)
• N: max number of open files
• R: max resident set size (KB)
• S: max stack size (KB)
• T: max CPU time (MIN)
• U: max number of processes
• L: max number of logins for this user
•  : file creation mask, set by umask
•  : process priority, set by setpriority

Example

# This will limit all users to 40 processes max. This can be used to prevent a "fork bomb".
# Be warned, if the user logs into a Desktop Environment like GNOME or KDE, 
# this could cause problems due to how many processes they launch.
* U 40

# Limit fred to logging in no more than twice. NOTE: This does not affect virtual terminals for some reason.
fred L 2