summaryrefslogtreecommitdiff
path: root/modules/pam_limits/pam_limits.8
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_limits/pam_limits.8')
-rw-r--r--modules/pam_limits/pam_limits.8152
1 files changed, 152 insertions, 0 deletions
diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8
new file mode 100644
index 00000000..fbbacc66
--- /dev/null
+++ b/modules/pam_limits/pam_limits.8
@@ -0,0 +1,152 @@
+'\" t
+.\" Title: pam_limits
+.\" Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_LIMITS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_limits \- PAM module to limit resources
+.SH "SYNOPSIS"
+.HP \w'\fBpam_limits\&.so\fR\ 'u
+\fBpam_limits\&.so\fR [conf=\fI/path/to/limits\&.conf\fR] [debug] [set_all] [utmp_early] [noaudit]
+.SH "DESCRIPTION"
+.PP
+The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\&. Users of
+\fIuid=0\fR
+are affected by this limits, too\&.
+.PP
+By default limits are taken from the
+/etc/security/limits\&.conf
+config file\&. Then individual *\&.conf files from the
+/etc/security/limits\&.d/
+directory are read\&. The files are parsed one after another in the order of "C" locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. If a config file is explicitly specified with a module option then the files in the above directory are not parsed\&.
+.PP
+The module must not be called by a multithreaded application\&.
+.PP
+If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\&.
+.SH "OPTIONS"
+.PP
+\fBconf=\fR\fB\fI/path/to/limits\&.conf\fR\fR
+.RS 4
+Indicate an alternative limits\&.conf style configuration file to override the default\&.
+.RE
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\&.
+.RE
+.PP
+\fBset_all\fR
+.RS 4
+Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1\&. Please note that if the init process is systemd these limits will not be the kernel default limits and this option should not be used\&.
+.RE
+.PP
+\fButmp_early\fR
+.RS 4
+Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\&. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\&.conf file\&.
+.RE
+.PP
+\fBnoaudit\fR
+.RS 4
+Do not report exceeded maximum logins count to the audit subsystem\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+Only the
+\fBsession\fR
+module type is provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_ABORT
+.RS 4
+Cannot get current limits\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+No limits found for this user\&.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+New limits could not be set\&.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+Cannot read config file\&.
+.RE
+.PP
+PAM_SESSION_ERR
+.RS 4
+Error recovering account name\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Limits were changed\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+The user is not known to the system\&.
+.RE
+.SH "FILES"
+.PP
+/etc/security/limits\&.conf
+.RS 4
+Default configuration file
+.RE
+.SH "EXAMPLES"
+.PP
+For the services you need resources limits (login for example) put a the following line in
+/etc/pam\&.d/login
+as the last line for that service (usually after the pam_unix session line):
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+#%PAM\-1\&.0
+#
+# Resource limits imposed on login sessions via pam_limits
+#
+session required pam_limits\&.so
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Replace "login" for each service you are using this module\&.
+.SH "SEE ALSO"
+.PP
+\fBlimits.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)\&.
+.SH "AUTHORS"
+.PP
+pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>