Defines process resource limits for users.
Note: Changing the limit does not affect those processes that started by init, or alternatively, ulimits are only used by those processes that go through the login processes.
The /etc/security/limits file defines process resource limits for users. This file is an ASCII file that contains stanzas that specify the process resource limits for each user. These limits are set by individual attributes within a stanza.
Each stanza is identified by a user name followed by a colon, and contains attributes in the Attribute=Value form. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character. If you do not define an attribute for a user, the system applies default values.
If the hard values are not
explicitly defined in the /etc/security/limits file but the soft
values are, the system substitutes the following values for the hard
limits:
Resource | Hard Value |
---|---|
Core Size | unlimited |
CPU Time | cpu |
Data Size | unlimited |
File Size | fsize |
Memory Size | unlimited |
Stack Size | unlimited |
File Descriptors | unlimited |
Note: Use a value of -1 to set a resource to unlimited.
If the hard values are explicitly defined but the soft values are not, the system sets the soft values equal to the hard values.
You can set the following limits
on a user:
Except for the cpu attribute, each attribute must be a decimal integer string representing the number of 512-byte blocks allotted to the user. The cpu attribute is a decimal integer string representing the amount of system unit time in seconds. For an example of a limits file stanza, see the "Examples" section .
When you create a user with the mkuser command, the system adds a stanza for the user to the limits file. Once the stanza exists, you can use the chuser command to change the user's limits. To display the current limits for a user, use the lsuser command. To remove users and their stanzas, use the rmuser command.
Note: Access to the user database files should be through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases.
Access Control: This file should grant read (r) access to the root user and members of the security group, and write (w) access only to the root user. Access for other users and groups depends upon the security policy for the system.
Event | Information |
---|---|
S_LIMITS_WRITE | file name |
A typical record looks like the following example for user dhs:
dhs: fsize = 8192 core = 4096 cpu = 3600 data = 1272 stack = 1024 rss = 1024 nofiles = 2000
This command is part of Base Operating System (BOS) Runtime.
/etc/security/limits | Specifies the path to the file. |
/etc/group | Contains the basic group attributes. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/passwd | Contains the basic user attributes. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/environ | Contains the environment attributes of users. |
/etc/security/audit/config | Contains audit-system configuration information. |
/usr/lib/security/mkuser.default | Contains the default values for user accounts. |
/etc/security/lastlog | Contains last login information. |
The chuser command, lsuser command, mkuser command, rmuser command.
The enduserdb subroutine, getuserattr subroutine, IDtouser subroutine, nextuser subroutine, putuserattr subroutine, setuserdb subroutine.
File and System Security Overview in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.