limits.conf用于实现对用户资源进行限制,如进程数/文件数等等。
配置文件的编写格式为
文件存放在目录:/etc/security/limits.conf
大致的内容如下:
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - an user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file
配置文件的编写格式为
<domain> <type> <item> <value>
test hard nofile 100
</pre><p>如上的含义为限制test账户最多只能同时打开100个文件,其中用户名可以使用*来代表所有用户。</p><p>至于type字段,有hard和soft两个选项,其中hard为严格限制,soft则为达到这个设定的阈值即产生告警,所以通常soft设定的值都比hard类型小。如果使用-代替,那么则代表同时设定soft和hard两种值。</p><p>修改完成后账号重新登录即可生效。</p><p>网上很多介绍说修改这个配置文件之后,需要确保在/etc/pam.d/login中包含如下配置:</p><p></p><pre name="code" class="plain">session required /lib/security/pam_limits.so 32位系统
session required /64lib/security/pam_limits.so 64位系统
不过我用的64位centos并没有这个配置,依旧可以生效,如果有没生效的可以把这个加上试试看。