From ea488580c42e8918445a945484de3c8a5addc761 Mon Sep 17 00:00:00 2001 From: "Andrew G. Morgan" Date: Tue, 20 Jun 2000 22:10:38 +0000 Subject: Initial revision --- modules/pam_limits/README | 87 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 modules/pam_limits/README (limited to 'modules/pam_limits/README') diff --git a/modules/pam_limits/README b/modules/pam_limits/README new file mode 100644 index 00000000..06a6857a --- /dev/null +++ b/modules/pam_limits/README @@ -0,0 +1,87 @@ + +pam_limits module: + Imposing user limits on login. + +THEORY OF OPERATION: + +First, make a root-only-readable file (/etc/limits by default or LIMITS_FILE +defined Makefile) that describes the resource limits you wish to impose. No +limits are imposed on UID 0 accounts. + +Each line describes a limit for a user in the form: + + + +Where: + can be: + - an user name + - a group name, with @group syntax + - the wildcard *, for default entry + + can have the two values: + - "soft" for enforcinf the soft limits + - "hard" for enforcing hard limits + + can be one of the following: + - core - limits the core file size (KB) + - data - max data size (KB) + - fsize - maximum filesize (KB) + - memlock - max locked-in-memory address space (KB) + - nofile - max number of open files + - rss - max resident set size (KB) + - stack - max stack size (KB) + - cpu - max CPU time (MIN) + - nproc - max number of processes + - as - address space limit + - maxlogins - max number of logins for this user + - maxsyslogins - max number of logins on the system + +To completely disable limits for a user (or a group), a single dash (-) +will do (Example: 'bin -', '@admin -'). Please remember that individual +limits have priority over group limits, so if you impose no limits for admin +group, but one of the members in this group have a limits line, the user +will have its limits set according to this line. + +Also, please note that all limit settings are set PER LOGIN. They are +not global, nor are they permanent (the session only) + +In the LIMITS_FILE, the # character introduces a comment - the rest of the +line is ignored. + +The pam_limits module does its best to report configuration problems found +in LIMITS_FILE via syslog. + +EXAMPLE configuration file: +=========================== +* soft core 0 +* hard rss 10000 +@student hard nproc 20 +@faculty soft nproc 20 +@faculty hard nproc 50 +ftp hard nproc 0 +@student - maxlogins 4 + + +ARGUMENTS RECOGNIZED: + debug verbose logging + + conf=/path/to/file the limits configuration file if different from the + one set at compile time. + +MODULE SERVICES PROVIDED: + session _open_session and _close_session (blank) + +USAGE: + For the services you need resources limits (login for example) put a + the following line in /etc/pam.conf as the last line for that + service (usually after the pam_unix session line: + + login session required /lib/security/pam_limits.so + + Replace "login" for each service you are using this module, replace + "/lib/security" path with your real modules path. + +AUTHOR: + Cristian Gafton + Thanks to Elliot Lee for his comments on + improving this module. -- cgit v1.2.3