
Files Reference


limits File

Purpose

Defines process resource limits for users.

Description

Note: Changing a limit does not affect processes that were started by init. In other words, ulimits apply only to processes that go through the login process.

The /etc/security/limits file defines process resource limits for users. This file is an ASCII file that contains stanzas that specify the process resource limits for each user. These limits are set by individual attributes within a stanza.

Each stanza is identified by a user name followed by a colon, and contains attributes in the Attribute=Value form. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character. If you do not define an attribute for a user, the system applies default values.

If the hard values are not explicitly defined in the /etc/security/limits file but the soft values are, the system substitutes the following values for the hard limits:

Resource            Hard Value
Core Size           unlimited
CPU Time            cpu
Data Size           unlimited
File Size           fsize
Memory Size         unlimited
Stack Size          unlimited
File Descriptors    unlimited

Note: Use a value of -1 to set a resource to unlimited.

If the hard values are explicitly defined but the soft values are not, the system sets the soft values equal to the hard values.

You can set the following limits on a user:

fsize           Identifies the soft limit for the largest file a user's process can create or extend.
core            Specifies the soft limit for the largest core file a user's process can create.
cpu             Sets the soft limit for the largest amount of system unit time (in seconds) that a user's process can use.
data            Identifies the soft limit for the largest process data segment for a user's process.
stack           Specifies the soft limit for the largest process stack segment for a user's process.
rss             Sets the soft limit for the largest amount of physical memory a user's process can allocate. This limit is not enforced by the system.
nofiles         Sets the soft limit for the number of file descriptors a user process may have open at one time.
core_hard       Specifies the largest core file a user's process can create.
cpu_hard        Sets the largest amount of system unit time (in seconds) that a user's process can use.
data_hard       Identifies the largest process data segment for a user's process.
fsize_hard      Identifies the largest file a user's process can create or extend.
rss_hard        Sets the largest amount of physical memory a user's process can allocate. This limit is not enforced by the system.
stack_hard      Specifies the largest process stack segment for a user's process.
nofiles_hard    Sets the largest number of file descriptors a user process may have open at one time.

Except for the cpu attribute, each attribute must be a decimal integer string representing the number of 512-byte blocks allotted to the user. The cpu attribute is a decimal integer string representing the amount of system unit time in seconds. For an example of a limits file stanza, see the "Examples" section.

When you create a user with the mkuser command, the system adds a stanza for the user to the limits file. Once the stanza exists, you can use the chuser command to change the user's limits. To display the current limits for a user, use the lsuser command. To remove users and their stanzas, use the rmuser command.

Note: Access to the user database files should be through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases.

Security

Access Control: This file should grant read (r) access to the root user and members of the security group, and write (w) access only to the root user. Access for other users and groups depends upon the security policy for the system.

Auditing Events:

Event             Information
S_LIMITS_WRITE    file name

Examples

A typical record looks like the following example for user dhs:

dhs:
   fsize = 8192
   core = 4096
   cpu = 3600
   data = 1272
   stack = 1024
   rss = 1024
   nofiles = 2000
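
The following Python sketch is an added example, not part of the AIX documentation or tooling. It parses stanzas in the format above and applies the substitution rules from the Description section, which is useful when auditing stanzas that set only soft values. The function names, the svc01 user and the shortened dhs stanza are constructed for illustration; lines starting with "*" are treated as comments, as in AIX stanza files.

```python
RESOURCES = ("fsize", "core", "cpu", "data", "stack", "rss", "nofiles")
HARD_FOLLOWS_SOFT = {"cpu", "fsize"}  # omitted hard limit takes the soft value
UNLIMITED = -1                        # every other omitted hard limit

def parse_limits(text):
    """Parse 'user:' stanzas of Attribute=Value lines into {user: {attr: int}}."""
    stanzas, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            current = None            # a blank line ends the stanza
        elif line.startswith("*"):
            continue                  # comment line
        elif line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1].strip(), {})
        else:
            name, sep, value = line.partition("=")
            if current is None or not sep:
                raise ValueError(f"line {lineno}: expected 'user:' or Attribute=Value")
            current[name.strip()] = int(value)
    return stanzas

def effective_limits(stanza):
    """Return {resource: (soft, hard)}; None means the system default applies."""
    result = {}
    for res in RESOURCES:
        soft, hard = stanza.get(res), stanza.get(res + "_hard")
        if hard is None and soft is not None:
            hard = soft if res in HARD_FOLLOWS_SOFT else UNLIMITED
        # Hard defined without soft: the soft value equals the hard value.
        result[res] = (hard if soft is None else soft, hard)
    return result

def implicit_unlimited(stanza):
    """Resources whose hard limit is unlimited only because it was omitted."""
    return [r for r in RESOURCES if r + "_hard" not in stanza
            and effective_limits(stanza)[r][1] == UNLIMITED]

# Constructed sample: part of the dhs stanza above plus a made-up svc01 user.
SAMPLE = """\
dhs:
   fsize = 8192
   core = 4096
   cpu = 3600

svc01:
   core_hard = 0
   nofiles = 1024
   nofiles_hard = 2048
"""
```

For the dhs lines, implicit_unlimited reports core: its soft limit is 4096 blocks, but the hard limit resolves to unlimited because core_hard is absent.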

Implementation Specifics

This command is part of Base Operating System (BOS) Runtime.

Files


/etc/security/limits                Specifies the path to the file.
/etc/group                          Contains the basic group attributes.
/etc/security/group                 Contains the extended attributes of groups.
/etc/passwd                         Contains the basic user attributes.
/etc/security/passwd                Contains password information.
/etc/security/user                  Contains the extended attributes of users.
/etc/security/environ               Contains the environment attributes of users.
/etc/security/audit/config          Contains audit-system configuration information.
/usr/lib/security/mkuser.default    Contains the default values for user accounts.
/etc/security/lastlog               Contains last login information.

Related Information

The chuser command, lsuser command, mkuser command, rmuser command.

The enduserdb subroutine, getuserattr subroutine, IDtouser subroutine, nextuser subroutine, putuserattr subroutine, setuserdb subroutine.

File and System Security Overview in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.

