path: root/modules/pam_limits/limits.conf.5
Diffstat (limited to 'modules/pam_limits/limits.conf.5')
-rw-r--r-- modules/pam_limits/limits.conf.5 | 82
1 files changed, 50 insertions, 32 deletions
diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
index f527fec8..c9c41876 100644
--- a/modules/pam_limits/limits.conf.5
+++ b/modules/pam_limits/limits.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: limits.conf
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
+.\" Date: 05/07/2023
.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
+.\" Source: Linux-PAM
.\" Language: English
.\"
-.TH "LIMITS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "LIMITS\&.CONF" "5" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -50,7 +50,7 @@ The syntax of the lines is as follows:
.PP
The fields listed above should be filled as follows:
.PP
-\fB<domain>\fR
+<domain>
.RS 4
.sp
.RS 4
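Review bot: the term line for <domain> loses its \fB...\fR bold here, and the same happens to <type>, <item> and every item name further down, yet the chroot entry added at the end of the item list is emitted as \fBchroot\fR. Either the source markup for chroot differs from the other entries or the stylesheet bump from v1.79.1 to v1.79.2 changed how term tags render. Please make the source consistent so all terms come out the same way, and consider regenerating in a separate commit so the formatting churn does not hide the content changes.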
@@ -145,19 +145,23 @@ a gid specified as
\fB%:\fR\fI<gid>\fR
applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&.
.RE
+.sp
+\fBNOTE:\fR
+group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username
+\fBroot\fR\&.
.RE
.PP
-\fB<type>\fR
+<type>
.RS 4
.PP
-\fBhard\fR
+hard
.RS 4
for enforcing
\fBhard\fR
resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&.
.RE
.PP
-\fBsoft\fR
+soft
.RS 4
for enforcing
\fBsoft\fR
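Review bot: the added NOTE says "group and wildcard limits are not applied to the root user" but does not say whether the gid forms described directly above it, such as %:<gid>, count as group limits for this purpose. An administrator relying on one of those forms to constrain root would not learn from this text that the line is skipped. Suggest naming the affected syntaxes explicitly, for example "limits given with the wildcard or with any of the group syntaxes", next to the statement that the field must contain the literal username root.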
@@ -168,7 +172,7 @@ limits\&. The values specified with this token can be thought of as
values, for normal system usage\&.
.RE
.PP
-\fB\-\fR
+\-
.RS 4
for enforcing both
\fBsoft\fR
@@ -180,100 +184,110 @@ Note, if you specify a type of \*(Aq\-\*(Aq but neglect to supply the item and v
.RE
.RE
.PP
-\fB<item>\fR
+<item>
.RS 4
.PP
-\fBcore\fR
+core
.RS 4
limits the core file size (KB)
.RE
.PP
-\fBdata\fR
+data
.RS 4
maximum data size (KB)
.RE
.PP
-\fBfsize\fR
+fsize
.RS 4
maximum filesize (KB)
.RE
.PP
-\fBmemlock\fR
+memlock
.RS 4
maximum locked\-in\-memory address space (KB)
.RE
.PP
-\fBnofile\fR
+nofile
.RS 4
maximum number of open file descriptors
.RE
.PP
-\fBrss\fR
+rss
.RS 4
maximum resident set size (KB) (Ignored in Linux 2\&.4\&.30 and higher)
.RE
.PP
-\fBstack\fR
+stack
.RS 4
maximum stack size (KB)
.RE
.PP
-\fBcpu\fR
+cpu
.RS 4
maximum CPU time (minutes)
.RE
.PP
-\fBnproc\fR
+nproc
.RS 4
maximum number of processes
.RE
.PP
-\fBas\fR
+as
.RS 4
address space limit (KB)
.RE
.PP
-\fBmaxlogins\fR
+maxlogins
.RS 4
maximum number of logins for this user (this limit does not apply to user with
\fIuid=0\fR)
.RE
.PP
-\fBmaxsyslogins\fR
+maxsyslogins
.RS 4
maximum number of all logins on system; user is not allowed to log\-in if total number of all user logins is greater than specified number (this limit does not apply to user with
\fIuid=0\fR)
.RE
.PP
-\fBpriority\fR
+nonewprivs
+.RS 4
+value of 0 or 1; if set to 1 disables acquiring new privileges by invoking prctl(PR_SET_NO_NEW_PRIVS)
+.RE
+.PP
+priority
.RS 4
the priority to run user process with (negative values boost process priority)
.RE
.PP
-\fBlocks\fR
+locks
.RS 4
maximum locked files (Linux 2\&.4 and higher)
.RE
.PP
-\fBsigpending\fR
+sigpending
.RS 4
maximum number of pending signals (Linux 2\&.6 and higher)
.RE
.PP
-\fBmsgqueue\fR
+msgqueue
.RS 4
maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher)
.RE
.PP
-\fBnice\fR
+nice
.RS 4
maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher) values: [\-20,19]
.RE
.PP
-\fBrtprio\fR
+rtprio
.RS 4
maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
.RE
+.PP
+\fBchroot\fR
+.RS 4
+the directory to chroot the user to
+.RE
.RE
.PP
All items support the values
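Review bot: the new nonewprivs entry does not say how the <type> field is interpreted for it or what a value of 0 does. The entries around it are resource limits for which hard and soft have a defined meaning, while this one is a 0/1 switch applied through prctl(PR_SET_NO_NEW_PRIVS), and the only guidance is the added example line that uses "\-". Suggest one sentence stating which type to use and that 0 leaves the setting untouched, if that is the behavior. Separately, the added chroot term is the only one in this list still wrapped in \fB...\fR.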
@@ -282,9 +296,11 @@ All items support the values
or
\fIinfinity\fR
indicating no limit, except for
-\fBpriority\fR
-and
-\fBnice\fR\&.
+\fBpriority\fR,
+\fBnice\fR, and
+\fBnonewprivs\fR\&. If
+\fBnofile\fR
+is to be set to one of these values, it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3))\&.
.PP
If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value
\fIrequired\fR
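Review bot: the added nofile sentence points to setrlimit(3), but the SEE ALSO list at the end of the page carries getrlimit(2) and getrlimit(3p) and no setrlimit entry. Please use a reference that also appears in SEE ALSO, or add this one there. The phrase "set to the contents of /proc/sys/fs/nr_open" would also read better as "set to the value read from /proc/sys/fs/nr_open", with the path marked up as a filename so it is not rendered as running text.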
@@ -315,12 +331,14 @@ These are some example lines which might be specified in
.\}
.nf
* soft core 0
+root hard core 100000
* hard nofile 512
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
@student \- maxlogins 4
+@student \- nonewprivs 1
:123 hard cpu 5000
@500: soft cpu 10000
600:700 hard locks 10
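Review bot: the new "root hard core 100000" line sits directly under "* soft core 0" with nothing in the examples tying it to the NOTE added in the domain section. A reader can take it as an override of the wildcard line rather than as the only line of the two that applies to root. Suggest a short sentence after the example block saying that the wildcard entry does not cover root and that the explicit root entry is what sets root's limit. The "@student \- nonewprivs 1" example would likewise benefit from a few words on its effect for members of that group.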
@@ -333,7 +351,7 @@ ftp hard nproc 0
.PP
\fBpam_limits\fR(8),
\fBpam.d\fR(5),
-\fBpam\fR(8),
+\fBpam\fR(7),
\fBgetrlimit\fR(2),
\fBgetrlimit\fR(3p)
.SH "AUTHOR"