Translation(s): English - Fran├žais - Italiano

Unix operating system can enforce "Limits" the resources a process/user can consume.


In Debian, pam_limits enforce the limits when a session is opened. The limits are defined in /etc/security/limits.conf, see limits.conf(5) and /etc/pam.d/*.

Note that pam_limits is not used in /etc/pam.d/common-session and /etc/pam.d/common-session-noninteractive, so it won't be active for daemons (it is in PAM configuration for atd, cron, login, sshd, su, sudo, ...). For example, apache2 limits are configured in /etc/apache2/envvars (see 615632).


Any user can change it's own soft limit, between "zero", and the hard limit (typically enforced by pam_limit). For instance, bash(1) has ulimit :

## Show the current Hard limit for "memlock"
$ ulimit -H -l

## Show the current Soft limit for "memlock"
$ ulimit -S -l

## Set the current Soft "memlock" limit to 48KiB
$ ulimit -S -l 48

## That's ok !
$ ulimit -S -l

## The hard limit is still 64K
$ ulimit -H -l

## And it isn't possible to change it
$ ulimit -H -l 128
bash: ulimit: max locked memory: cannot modify limit: Operation not permitted

List all hard limits:

$ ulimit -H -a
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 16382
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited


See also