How to Limit Process at User Level on Linux

Ulimit, as the name signifies, is the user resource limits defined by users for their respective processes. It provides control over the resources available to the shell and to processes started by it, on systems that allow such control. That means the limit on the number of processes that a single user may create. Usually, you have to increase the values of some of the Linux kernel limits before your install or run many applications. This article is based on limiting process at user level

Read Also : 3 Methods to Change the Number of Open File Limit in Linux

What to understand

Linux can limit a total number of processes on the system doesn't have the option to limit any thread per process. Below file shows the maximum allowed process. You can alter this value.

# cat /proc/sys/kernel/threads-max

With ulimit you can set two kinds of limits:

  • Soft limit: it is the value that the kernel enforces for the corresponding resource.
  • Hard limit: acts as a ceiling for the soft limit.

An unprivileged process may only set its soft limit to a value in the range from 0 up to the hard limit, and (irreversibly) lower its hard limit. A privileged process may make arbitrary changes to either limit value.

1) Checking the values of the kernel limits

You can check all the value of the limits kernel as below

# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31111
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 31111
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

You can see that there are some unlimited settings. These limits can be changed

2) Change ulimit settings

For many distributions of Linux you can change values by substituting the -n option for any possible value in the output of ulimit -a

ulimit -n

See your operating system documentation for the precise procedure for changing system limits on running systems.

NB: After changing the ulimit settings, you must restart the process to take advantage of the modified settings. You can use the /proc file system to see the current limitations on a running process.
Depending on your system’s configuration, and default settings, any change to system limits made using ulimit may revert the following system a system restart. Check your distribution and operating system documentation for more information.

a) Set a maximum number of opened files

Linux servers have a PAM (pluggable authentication) module that handles system limits:

“By default limits are taken from the /etc/security/limits.conf config file. Then individual files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of “C” locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitly specified with a module option then the files in the above directory are not parsed.”

In our example we will set the maximum number of files to 16384 for all users of the system (values can be set for individual users or groups as well):

# vim /etc/security/limits.conf
   #Then you can add two lines for each limit:
* soft nofile 16384
* hard nofile 16384

Reboot your machine and test the new limits configuration

b) Scripted Mode for hard and soft limits

This section applies only to Linux operating systems. ( i used a RHEL 5 system for my example)
The /proc file-system stores the per-process limits in the file system object located at /proc/ /limits, where is the process’s PID or process identifier. You can use the following bash function to return the content of the limits object for a process or processes with a given name:

return-limits(){

for process in [email protected]; do
process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2`

if [ -z [email protected] ]; then
echo "[no $process running]"
else
for pid in $process_pids; do
echo "[$process #$pid -- limits]"
cat /proc/$pid/limits
done
fi

done
export -f return-limits
}

You can copy and paste this function into a current shell session or load it as part of a script. Call the function with one the following invocations:

Let's say you want to see the bash process limits in detail via this script return_limits.sh, you can check it via:

  • Source in the script via
#. ./return_limits.sh

Note the “.” after the hash, used to source in the function of the script

  • Call the bash process via this script
# return-limits bash
 [bash #9458 -- limits]
 Limit Soft Limit Hard Limit Units
 Max cpu time unlimited unlimited seconds
 Max file size unlimited unlimited bytes
 Max data size unlimited unlimited bytes
 Max stack size 10485760 unlimited bytes
 Max core file size 0 unlimited bytes
 Max resident set unlimited unlimited bytes
 Max processes 147456 147456 processes
 Max open files 1024 1024 files
 Max locked memory 32768 32768 bytes
 Max address space unlimited unlimited bytes
 Max file locks unlimited unlimited locks
 Max pending signals 147456 147456 signals
 Max msgqueue size 819200 819200 bytes
 Max nice priority 0 0
 Max realtime priority 0 0
 [bash #9562 -- limits]

Similarly, ulimit improper use can also destabilize the whole system and can paralyze it, but such scenarios are out of the scope of this article as this focusses on basic usage and will not be covered, its always recommended to refer the installation documentation of respective application for any such ulimit parameters and related modifications.

c) Set user limit via systemd

You can face some issues while trying to set limits. We have said that we set limits by editing the /etc/security/limits.conf file but systemd can ignore this file. You can need to use the equivalent keywords of the ulimit command as below

Directive        ulimit equivalent     Unit
LimitCPU=        ulimit -t             Seconds      
LimitFSIZE=      ulimit -f             Bytes
LimitDATA=       ulimit -d             Bytes
LimitSTACK=      ulimit -s             Bytes
LimitCORE=       ulimit -c             Bytes
LimitRSS=        ulimit -m             Bytes
LimitNOFILE=     ulimit -n             Number of File Descriptors 
LimitAS=         ulimit -v             Bytes
LimitNPROC=      ulimit -u             Number of Processes 
LimitMEMLOCK=    ulimit -l             Bytes
LimitLOCKS=      ulimit -x             Number of Locks 
LimitSIGPENDING= ulimit -i             Number of Queued Signals 
LimitMSGQUEUE=   ulimit -q             Bytes
LimitNICE=       ulimit -e             Nice Level 
LimitRTPRIO=     ulimit -r             Realtime Priority  
LimitRTTIME=     No equivalent

If a ulimit is set to unlimited set it to infinity in the systemd config

ulimit -c unlimited = LimitCORE=infinity
ulimit -v unlimited = LimitAS=infinity
ulimit -m unlimited = LimitRSS=infinity

By this way, you will need to set user limit by editing the /etc/systemd/user.conf file. This file contains the default limits which can be set for the users. You just need to found the limit that you want to set. For example, you can try as below

vim /etc/systemd/user.conf
DefaultLimitNOFILE=20000

If it doesn't work, try editing both /etc/systemd/system.conf and /etc/systemd/user.conf with the same value.

Some services that are started via systemd ignore the /etc/security/limits.conf file. To face the issue you should set the limits in the service definition file. You need to update the .service file

[Unit]
Description=Some Daemon
After=syslog.target network.target

[Service]
Type=notify
LimitNOFILE=20000
ExecStart=/usr/sbin/somedaemon

[Install]
WantedBy=multi-user.target

Related Article :

2 Ways to Limit CPU Usage of a Process in Linux

You should notice that the way you can adjust these limits depends on the particular Linux system. That means whether it is systemd-based, and possibly even on the version of systemd and on the way you logged into the system. if you face some services by systemd which ignore Limits in/etc/security/limits.conf, you should define the limit in the service definition file.

Alain Francois 2:00 am

About Alain Francois

IT Linux administrator passionate of free and open source software, I work on Linux Systems since some years on installations and deployments of certain solutions. I like to share my experiences with a wider audience by training and conferences.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.