Unix operating system can enforce "Limits" the resources a process/user can consume.
In Debian, pam_limits enforce the limits when a session is opened. The limits are defined in /etc/security/limits.conf, see limits.conf(5) and /etc/pam.d/*.
Note that pam_limits is not used in /etc/pam.d/common-session and /etc/pam.d/common-session-noninteractive, so it won't be active for daemons (it is in PAM configuration for atd, cron, login, sshd, su, sudo, ...). For example, apache2 limits are configured in /etc/apache2/envvars (see 615632).
Any user can change it's own soft limit, between "zero", and the hard limit (typically enforced by pam_limit). For instance, bash(1) has ulimit :
## Show the current Hard limit for "memlock" %ulimit -H -l 64 ## Show the current Soft limit for "memlock" %ulimit -S -l 64 ## Set the current Soft "memlock" limit to 48KiB %ulimit -S -l 48 ## That's ok ! %ulimit -S -l 48 ## The hard limit is still 64K %ulimit -H -l ## And it isn't possible to change it %ulimit -H -l 128 bash: ulimit: max locked memory: cannot modify limit: Operation not permitted
List all hard limits:
%ulimit -H -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 16382 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes (-u) unlimited virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
quota - implementation of the disk quota system