diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:44:11 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 12:44:11 -0800 |
commit | efd31890b5ed496a5a00c08a262da240e66a4ddc (patch) | |
tree | 22a7aab22b3a491bb58df250d7d6409e0c160bcc /modules/pam_limits/README | |
parent | 067affee9267fa0d1c21835182ba639ba33e820f (diff) |
New upstream version 0.76
Diffstat (limited to 'modules/pam_limits/README')
-rw-r--r-- | modules/pam_limits/README | 107 |
1 files changed, 0 insertions, 107 deletions
diff --git a/modules/pam_limits/README b/modules/pam_limits/README deleted file mode 100644 index 023b9575..00000000 --- a/modules/pam_limits/README +++ /dev/null @@ -1,107 +0,0 @@ - -pam_limits module: - Imposing user limits on login. - -THEORY OF OPERATION: - -First, make a root-only-readable file (/etc/security/limits.conf by -default or INSTALLED_CONFILE defined Makefile) that describes the -resource limits you wish to impose. No limits are imposed on UID 0 -accounts. - -Each line describes a limit for a user in the form: - -<domain> <type> <item> <value> - -Where: -<domain> can be: - - an user name - - a group name, with @group syntax - - the wildcard *, for default entry - -<type> can have the three values: - - "soft" for enforcing the soft limits - - "hard" for enforcing hard limits - - "-" for enforcing both soft and hard limits - -<item> can be one of the following: - - core - limits the core file size (KB) - - data - max data size (KB) - - fsize - maximum filesize (KB) - - memlock - max locked-in-memory address space (KB) - - nofile - max number of open files - - rss - max resident set size (KB) - - stack - max stack size (KB) - - cpu - max CPU time (MIN) - - nproc - max number of processes - - as - address space limit - - maxlogins - max number of logins for this user - - maxsyslogins - max number of logins on the system - - priority - lower the priority by given value (value can be -ve) - - locks - max locked files (Linux 2.4 and higher) - -Note, if you specify a type of '-' but neglect to supply the item and -value fields then the module will never enforce any limits on the -specified user/group etc. . - -Please remember that individual limits have priority over group -limits, so if you impose no limits for admin group, but one of the -members in this group has a limits line, the user will have its limits -set according to this line. - -Also, please note that all limit settings are set PER LOGIN. They are -not global, nor are they permanent (they apply for the session only). - -In the LIMITS_FILE, the # character introduces a comment - the rest of the -line is ignored. - -The pam_limits module does its best to report configuration problems found -in LIMITS_FILE via syslog. - -EXAMPLE configuration file: -=========================== -* soft core 0 -* hard rss 10000 -@student hard nproc 20 -@faculty soft nproc 20 -@faculty hard nproc 50 -ftp hard nproc 0 -@student - maxlogins 4 - - -ARGUMENTS RECOGNIZED: - debug verbose logging - - conf=/path/to/file the limits configuration file if different from the - one set at compile time. - - change_uid change real uid to the user for who the limits - are set up. Use this option if you have problems - like login not forking a shell for user who has - no processes. Be warned that something else - may break when you do this. - - utmp_early some broken applications actually allocate a - utmp entry for the user before the user is - admitted to the system. If the service you are - configuring PAM for does this, you can use - this module argument to compensate for this - brokenness. - -MODULE SERVICES PROVIDED: - session _open_session and _close_session (blank) - -USAGE: - For the services you need resources limits (login for example) put a - the following line in /etc/pam.conf as the last line for that - service (usually after the pam_unix session line: - - login session required /lib/security/pam_limits.so - - Replace "login" for each service you are using this module, replace - "/lib/security" path with your real modules path. - -AUTHOR: - Cristian Gafton <gafton@redhat.com> - Thanks to Elliot Lee <sopwith@redhat.com> for his comments on - improving this module, and Jens Sorensen for Linux 2.4 updates. |