Wednesday, September 14, 2011
9:19 AM

Limiting Linux System Users - limits.conf

Almost all Linux distributions ship with PAM support making it universally available. PAM limits provide a single standardized interface to setting user limits, instead of having to write complex shell configuration files (such as /etc/profile) you simply edit the "limits.conf" file. As well applying limits selectively through the command shell is very difficult, whereas with PAM applying limits globally, on groups or on individual users is quite simple. To enable PAM limits you need to add a line such as:
session        required    /lib/security/pam_limits.so
to the appropriate Pam configuration file (/etc/pam.d/sshd). You can then define limits, typically these are in "/etc/security/limits.conf" or a similar location. Because most of these limits are enforced by the shell the system cannot log all violations of limits (you will be notified in syslog when a user exceeds the number of times they are allowed to login, however you will not receive a warning if the user tries to use more disk space then they are allowed to).
Continue Reading...

0 comments:

Post a Comment