
When the system is heavily used, it would be a big challenge for system administrators to manage resources. Ulimit (user limit) is a powerful command which helps to limit resources on your system.
Sometime, but not very often a single user may start too many processes to make the system unstable. To mitigate this we can use ulimit command to limit the number process each user or group can run.
In this tutorial, we learn how to limit the process at user level on Linux.
With ulimit you can set two kinds of limits:
- Hard limit: This limit is for security purpose. Hard limit can be increased only done by root (ie a non root process cannot go above a hard limit)
- Soft limit: This limit can be changed by process at any time. A non user can set a limit between (0 and hard limit) for its processes.
Check all current limits
You can check all the limits for the currently logined user.
Run the following ulimit command with -a
option:
$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3177
max locked memory (kbytes, -l) 16384
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 3177
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
You can see that there are some unlimited settings. These limits can be changed.
Note: The /proc
file-system stores the per-process limits in the file system object located at /proc/4548/limits
, where '4548' is the process’s PID or process identifier.
Set ulimit for user
You can use ulimit -u
to find max user processes or nproc limit.
$ ulimit -u
3177
You can change max user processes by the following command:
# ulimit -u 3500
If you get any error or unable to change check if you have set any limits in '/etc/security/limits.conf'.
Limits can be set for specific user or group in limits.con file.
If you want to set 'infrateam' to have more process than 'testers' and limit user bob nproc to '60', then set as follows:
@bob hard nproc 60
@testers hard nproc 100
@infrateam hard nproc 300
Here we set limit to open files using 'nofile' field. As we set soft limit, user will get warnings when they reach the lower limit.
@infrateam soft nofile 2000
@infrateam hard nofile 3000
Set Ulimit for open file
We can use ulimit command to view the limits open files for each user.
Check the user level open file hard limit
$ ulimit -Hn
4096
Check the user level open file soft limit
# ulimit -Sn
1024
If you want to change the current open file limits (soft or hard) you can update in 'limits.conf' file.
In our example, we will set the maximum number of files to 16384 for all users of the system.
# vim /etc/security/limits.conf
# Then you can add two lines for each limit:
* soft nofile 16384
* hard nofile 16384
Reboot your machine and test the new limits configuration
To check Linux system-wide current maximum number of open file, then run the following command:
# cat /proc/sys/fs/file-max
80786
To change maximum number of open file run following commands:
# sysctl -w fs.file-max=90786
to make it persistent after reboot update in 'sysctl.conf' file
# vi /etc/sysctl.conf
fs.file-max=90786
Set user limit via systemd
Earlier we discussed that we can set limits by editing the /etc/security/limits.conf
file but systemd would ignore this file.
Systemd by default reads from '/etc/systemd/system.conf' file. Below are systemd limits equivalent to ulimits.
Directive ulimit equivalent Unit
LimitCPU= ulimit -t Seconds
LimitFSIZE= ulimit -f Bytes
LimitDATA= ulimit -d Bytes
LimitSTACK= ulimit -s Bytes
LimitCORE= ulimit -c Bytes
LimitRSS= ulimit -m Bytes
LimitNOFILE= ulimit -n Number of File Descriptors
LimitAS= ulimit -v Bytes
LimitNPROC= ulimit -u Number of Processes
LimitMEMLOCK= ulimit -l Bytes
LimitLOCKS= ulimit -x Number of Locks
LimitSIGPENDING= ulimit -i Number of Queued Signals
LimitMSGQUEUE= ulimit -q Bytes
LimitNICE= ulimit -e Nice Level
LimitRTPRIO= ulimit -r Realtime Priority
LimitRTTIME= No equivalent
You can set user limit by editing the /etc/systemd/user.conf
file.
For example, you can try as below:
vim /etc/systemd/user.conf
DefaultLimitNOFILE=20000
Some services that are started via systemd ignore the /etc/security/limits.conf
file. To face this issue, you should set the limits in the service definition file.
You need to update the service file as following:
[Unit]
Description=Some Daemon
After=syslog.target network.target
[Service]
Type=notify
LimitNOFILE=20000
ExecStart=/usr/sbin/somedaemon
[Install]
WantedBy=multi-user.target
Conclusion
In this tutorial, we learned how to use ulimit command to set limit for processes for a user. I hope you enjoyed reading and please leave your suggestions or feedback in the comment section.
Read Also: