Linux command

pam_limits command

Common examples

Enable resource limits in a PAM service file

session required pam_limits.so

Set a hard limit on open file descriptors for all users

echo "* hard nofile 65535" >> /etc/security/limits.conf

Set soft and hard process limits for a group

echo "@developers - nproc 4096" >> /etc/security/limits.conf

Drop in a per-application limits override

echo "nginx hard nofile 100000" > /etc/security/limits.d/nginx.conf

Description

pam_limits is a PAM session module that enforces per-user and per-group resource limits at login time. It reads limit definitions from `/etc/security/limits.conf` and any `*.conf` files in `/etc/security/limits.d/`, which are applied in lexicographic order.

Each rule in the configuration has the format: `domain type item value`. The domain is a username, `@groupname`, `*` (all users), or a UID/GID range. The type is `soft` (user-adjustable ceiling), `hard` (kernel-enforced maximum), or `-` (set both). Common items include `nofile` (open file descriptors), `nproc` (processes), `memlock` (locked memory in KB), `stack` (stack size in KB), `cpu` (CPU time in minutes), `as` (address space in KB), `maxlogins` (concurrent logins per user), and `priority` (scheduling priority).

Individual user entries take precedence over group entries. Users including root (uid=0) are subject to these limits. Use `unlimited`, `infinity`, or `-1` as the value to remove a limit (not valid for `priority`, `nice`, or `nonewprivs`). Limits only take effect for new login sessions; running processes are not affected.
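
As an added example (not part of pam_limits or of the original page), the shell functions below resolve which rule wins for one user under the precedence described above and flag rules that break the `domain type item value` format. The user `alice`, the user `bob` used in testing, the file `90-site.conf` and all sample rules are constructed; UID/GID range domains are not evaluated, later rules of equal specificity are assumed to override earlier ones, and the exclusion of root from group and wildcard rules follows limits.conf(5).

```bash
# Added example, not part of pam_limits. Sample data below is constructed.
# resolve_limit USER GROUPS(comma-separated) ITEM soft|hard FILE...
# Prints "value<TAB>file:line" for the rule that wins, nothing if none match.
# Assumption: among rules of equal specificity the last one read wins.
resolve_limit() {
  local user="$1" groups="$2" item="$3" type="$4"; shift 4
  awk -v user="$user" -v groups="$groups" -v item="$item" -v type="$type" '
    BEGIN { n = split(groups, g, ","); for (i = 1; i <= n; i++) ingrp["@" g[i]] = 1 }
    { sub(/#.*/, "") }                       # strip comments
    NF != 4 { next }                         # blank or malformed line
    $3 != item || ($2 != type && $2 != "-") { next }
    {
      # limits.conf(5): group and wildcard rules are not applied to root
      if ($1 == user) rank = 3
      else if (user != "root" && ($1 in ingrp)) rank = 2
      else if (user != "root" && $1 == "*") rank = 1
      else next
      if (rank >= best) { best = rank; val = $4; src = FILENAME ":" FNR }
    }
    END { if (best) printf "%s\t%s\n", val, src }
  ' "$@"
}

# lint_limits FILE...  prints "file:line: problem" for each suspicious rule.
lint_limits() {
  awk '
    { sub(/#.*/, "") }
    NF == 0 { next }
    NF != 4 { print FILENAME ":" FNR ": expected domain type item value"; next }
    $2 !~ /^(soft|hard|-)$/ { print FILENAME ":" FNR ": bad type " $2 }
    # -1 is not flagged here: for nice/priority it parses as a number
    $3 ~ /^(priority|nice|nonewprivs)$/ && $4 ~ /^(unlimited|infinity)$/ {
      print FILENAME ":" FNR ": " $4 " not valid for " $3 }
  ' "$@"
}

# Constructed sample files (hypothetical user "alice" in group "developers").
make_sample() {
  mkdir -p "$1/limits.d"
  printf '%s\n' '# base' '* hard nofile 65535' '@developers - nproc 4096' \
    'alice hard nofile 8192' > "$1/limits.conf"
  printf '%s\n' '* hard nofile 100000' 'alice both nproc 10' \
    'alice hard priority unlimited' > "$1/limits.d/90-site.conf"
}
```

Pass the files in the order they are read: `/etc/security/limits.conf` first, then `/etc/security/limits.d/*.conf` expanded under `LC_ALL=C`.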

Parameters

conf=_FILE_
Use an alternate limits configuration file instead of `/etc/security/limits.conf`.
debug
Print debug information to the system log.
change_uid
Change to the user's UID before reading the limits file. Useful when the limits file is only accessible by the target user.
utmp_early
Read the utmp entry before the module runs. Works around broken applications that allocate utmp entries before PAM completes.
noaudit
Do not report exceeded maximum login count to the audit subsystem.
set_all
Set unspecified limits from the PID 1 process limits. Not recommended on systemd systems, as PID 1 limits differ from kernel defaults.

FAQ

How do I run a basic pam_limits example?

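`session required pam_limits.so` is a PAM configuration line, not a shell command. Add it to the PAM service file of the service that should apply limits, then adjust the module options and the limits configuration files for your system.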
