summaryrefslogtreecommitdiff
path: root/modules/pam_limits/README
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_limits/README')
-rw-r--r--modules/pam_limits/README87
1 files changed, 87 insertions, 0 deletions
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
new file mode 100644
index 00000000..06a6857a
--- /dev/null
+++ b/modules/pam_limits/README
@@ -0,0 +1,87 @@
+
+pam_limits module:
+ Imposing user limits on login.
+
+THEORY OF OPERATION:
+
+First, make a root-only-readable file (/etc/limits by default or LIMITS_FILE
+defined Makefile) that describes the resource limits you wish to impose. No
+limits are imposed on UID 0 accounts.
+
+Each line describes a limit for a user in the form:
+
+<domain> <type> <item> <value>
+
+Where:
+<domain> can be:
+ - an user name
+ - a group name, with @group syntax
+ - the wildcard *, for default entry
+
+<type> can have the two values:
+ - "soft" for enforcinf the soft limits
+ - "hard" for enforcing hard limits
+
+<item> can be one of the following:
+ - core - limits the core file size (KB)
+ - data - max data size (KB)
+ - fsize - maximum filesize (KB)
+ - memlock - max locked-in-memory address space (KB)
+ - nofile - max number of open files
+ - rss - max resident set size (KB)
+ - stack - max stack size (KB)
+ - cpu - max CPU time (MIN)
+ - nproc - max number of processes
+ - as - address space limit
+ - maxlogins - max number of logins for this user
+ - maxsyslogins - max number of logins on the system
+
+To completely disable limits for a user (or a group), a single dash (-)
+will do (Example: 'bin -', '@admin -'). Please remember that individual
+limits have priority over group limits, so if you impose no limits for admin
+group, but one of the members in this group have a limits line, the user
+will have its limits set according to this line.
+
+Also, please note that all limit settings are set PER LOGIN. They are
+not global, nor are they permanent (the session only)
+
+In the LIMITS_FILE, the # character introduces a comment - the rest of the
+line is ignored.
+
+The pam_limits module does its best to report configuration problems found
+in LIMITS_FILE via syslog.
+
+EXAMPLE configuration file:
+===========================
+* soft core 0
+* hard rss 10000
+@student hard nproc 20
+@faculty soft nproc 20
+@faculty hard nproc 50
+ftp hard nproc 0
+@student - maxlogins 4
+
+
+ARGUMENTS RECOGNIZED:
+ debug verbose logging
+
+ conf=/path/to/file the limits configuration file if different from the
+ one set at compile time.
+
+MODULE SERVICES PROVIDED:
+ session _open_session and _close_session (blank)
+
+USAGE:
+ For the services you need resources limits (login for example) put a
+ the following line in /etc/pam.conf as the last line for that
+ service (usually after the pam_unix session line:
+
+ login session required /lib/security/pam_limits.so
+
+ Replace "login" for each service you are using this module, replace
+ "/lib/security" path with your real modules path.
+
+AUTHOR:
+ Cristian Gafton <gafton@redhat.com>
+ Thanks to Elliot Lee <sopwith@redhat.com> for his comments on
+ improving this module.